Tag
#csrf
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.
This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affects Gitea versions prior to 1.16.7.
Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.
A case study on the complexity of browser security
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could be used to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows -
Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php.
Doufox 0.0.4 contains a CSRF vulnerability that can be used to add a system administrator account.
Widespread exploitation deemed ‘unlikely’ given hurdles
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.