6 matches found
EUVD-2017-0351
Malware in sbrugna...
CVE-2017-16570
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...
Cross-site Request Forgery (CSRF)
github.com/openshift/origin is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because it does not check the X-CSRF-Token header of requests...
Coinbase: Create Multiple Account Using Similar X-CSRF token
Multiple accounts can be created using the similar X-csrf token! I have tested and created around 45+ accounts in this way! Take a look in the attachment! I have created accounts ranging from test1-test27 3 times! A file is also attached for the tested account creation!...
IP Board 3.x - CSRF Token hijacking
No description provided by source. Title: IP Board 3.x CSRF - Token hijacking Date: 03.09.14 Version: = 3.4.6 Vendor: invisionpower.com Author: Piotr S. Video-PoC: https://www.youtube.com/watch?v=G5P21TA4DjY 1 Introduction Latest and probably previous IPB versions suffer from a vulnerability, which...
Factlink: X/Csrf token problem
I found that you are using an X/Csrf token as a protection against CSRF attacks. But you are using the same X/Csrf token in and out, e.g. z3qrwilV8lz7CXsMhmvqxn+93GDZm/m9w/d5DZjoj8w= This token is the same before and after log-in. This must be patched as it may result in session hacks...