#csrf

CVE-2023-25240: Bypassing SameSite cookie restrictions | Web Security Academy

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

2 years ago

#xss #csrf #vulnerability #web #git #java #oauth #auth #chrome

CVE-2023-25717: Proof of Concept - Ruckus Wireless Admin (=<10.4 - Unauthenticated Remote Code Execution / CSRF / SSRF) - CYBIR - Cyber Security, Incident Response, & Digital Forensics

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

2 years ago

CVE

Open in Source

#csrf #web #git #rce #ssrf #auth

CVE-2022-41134: WordPress Optinly plugin <= 1.0.15 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

2 years ago

PortSwigger

Open in Source

#xss #csrf #vulnerability #web #mac #google #microsoft #cisco #dos #git #java #php #rce #pdf #oauth #auth #ruby #jira #chrome #ssl

CVE-2023-23286: Provide server v.14.4

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

2 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #java #auth

Red Hat Security Advisory 2023-0560-01

Red Hat Security Advisory 2023-0560-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.

2 years ago

Packet Storm

Open in Source

#xss #csrf #vulnerability #web #google #red_hat #dos #git #java #kubernetes #oauth #auth #ssh

RHSA-2023:0560: Red Hat Security Advisory: OpenShift Container Platform 4.10.51 security update

Red Hat OpenShift Container Platform release 4.10.51 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the ...

2 years ago

Red Hat Security Data

Open in Source