9 matches found
CVE-2026-3266
Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...
EUVD-2019-1040
Malware in sbrugna...
Information Disclosure
jupyterlab is vulnerable to Information Disclosure. The vulnerability is due to a lack of URL validation or sanitization, which could potentially allow an attacker to craft a malicious URL that exposes sensitive information such as Authorization and XSRF tokens when the link is clicked on...
CVE-2019-0267
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
Halon Security Router < 3.2r2 Multiple Vulnerabilities
According to its self-reported version, the instance of Halon Security Router running on the remote host is affected by multiple vulnerabilities : - Multiple reflected cross-site scripting vulnerabilities exist in the web interface due to a failure to sanitize user-supplied input. - Multiple...
Internet Bug Bounty: Flash local-with-fileaccess Sandbox Bypass
The proof of concept attached will exploit the implementation of flash in some browsers that will bypass the local-with-fileaccess sandbox. By encoding in ignored file:// uri characters, and navigating to another page with a decoder script. one is able to read arbitrary files AND parse it to the...
OpenKM Document Management System 5.1.7 Command Execution
Exploit for jsp platform in category web applications COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...
OpenKM 5.1.7 OS Command Execution (XSRF based)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
Drupal CAPTCHA Logic Security Flaw
Drupal Captcha bruteforcing bypass This is a Proof Of Concept to demonstrate a logic security flow in the way drupal captcha is used to protect login forms from bruteforce. If the captcha challenge is solved, the next login attempts can be issued without solving any new captcha challenge. Usage:...