13 matches found
EUVD-2018-8629
Malware in sbrugna...
xunfeng Command Injection Vulnerability
xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. A command injection vulnerability exists in xunfeng version 0.2.0, which stems from the failure of the masscan.py file to properly handle backquote characters and can be exploited by an attacker to execu...
xunfeng anti-csrf decorator cross-site request forgery vulnerability
xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. The anti-csrf decorator is one of the CSRF processing components. The anti-csrf decorator in xunfeng version 0.2.0 has a cross-site request forgery vulnerability that originates from the views/lib/AntiCSRF.p...
Command injection
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16951
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16951
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16951
CVE-2018-16951 affects xunfeng 0.2.0, where a command injection can be triggered via CSRF due to masscan.py mishandling backquote characters. The entry notes this is related to CVE-2018-16832 and cites the CSRF issue in views/lib/AntiCSRF.py that can lead to arbitrary code execution. Multiple sou...
CVE-2018-16951
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16832
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...
CVE-2018-16832
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...
Cross-site request forgery (CSRF)
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...
CVE-2018-16832
CVE-2018-16832 describes a CSRF vulnerability in the anti-csrf decorator of xunfeng 0.2.0. The root cause is in views/lib/AntiCSRF.py, where the request.host value can be overwritten with the content of the X-Forwarded-Host header, enabling an attacker to modify configuration via a Flash file. Th...
CVE-2018-16832
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...