#csrf

CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.

2 years ago

#csrf #vulnerability #ios #windows #google #php #acer #auth #firefox

CVE-2023-32625: Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

2 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #wordpress #auth

GHSA-45g2-r339-pjwf: Cockpit CMS Cross-Site Request Forgery vulnerability

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

2 years ago

ghsa

Open in Source

#csrf #vulnerability #git

CVE-2023-37650: Multiple Vulnerabilities in Cockpit CMS <= v2.5.2

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

2 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #js #git #java #php #rce #perl #auth #mongo

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

2 years ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

CMS iQ-Digital 2.0 Cross Site Scripting

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

2 years ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #git #java #php #perl #auth #ruby #firefox

CVE-2023-32261: Jenkins Security Advisory 2023-06-14

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/

2 years ago

CVE

Open in Source

#xss #csrf #vulnerability #git #java #aws #maven #ssl

Openfire Authentication Bypass / Remote Code Execution

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload a Openfire management plugin weaponized with a java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.

2 years ago

Packet Storm

Open in Source