10 matches found
Race condition
GIGAPOD file servers Appliance model and Software model provide two web interfaces: 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to ...
Race Conditional exists in the collection
Description: Ordinary users can use this vulnerability to attack other users' question collection, which can break through a single user's operation of only collecting or canceling the collection, resulting in too many or negative collections. Proof of Concept: Step 1. Open burp, click collection, a...
Cross site request forgery (csrf)
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group...
CVE-2022-26309 Cross-Site Request in Bulk operation (User operation)
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group...
PT-2022-17777 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.0NG.759 Description: The issue allows Cross-Site Request Forgery in Bulk operation, specifically in the User operation, resulting in elevation of privilege to the Administrator group. Recommendations: For Pandora FMS...
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group...
Cross-Site Request Forgery (CSRF) to User Privilege Escalation
Description Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group. Detail Version: Pandora FMS v7.0NG.759 - OUM 759 - MR 51 Affected components: Console Proof of Concept Affected Endpoint: POST...
BEWARD Intercom 2.3.1 Credential Disclosure
!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...
lifetype 1.2.11 CSRF Add User
Exploit for php platform in category web applications. Exploit Title := lifetype 1.2.11 CSRF Add User Date := 05/april/2012 Author := khaled-Ham Software link :...
MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability
Summary: A specially crafted HFS+ filesystem in a DMG image can cause the do_hfs_truncate() function to panic the kernel (denial of service) when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+...