CSRF Files

F5 BIG-IP iControl Cross Site Request Forgery
Posted Nov 21, 2022
Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a backdoor that executes next time a user logs in interactively. This overwrites a file, but we restore it when we get a session. Note that because this is a CSRF vulnerability, it starts a web server, but an authenticated administrator must visit the site, which redirects them to the target.

tags | exploit, web, arbitrary, root, csrf
advisories | CVE-2022-41622
SHA-256 | 0942abdee0725fc32a285ecb9a23fb1bfe3ecc058946e6d59dda0de6b91cbca4
Debian Security Advisory 5279-2
Posted Nov 17, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.

tags | advisory, remote, web, vulnerability, xss, sql injection, csrf
systems | linux, debian
SHA-256 | 389845c1cb18def69eba66246c35f85df9383c4619ea4cbb54983839e90b7fcb
Debian Security Advisory 5279-1
Posted Nov 16, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5279-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.

tags | advisory, remote, web, vulnerability, xss, sql injection, csrf
systems | linux, debian
SHA-256 | 341ee59a0eda06f9f4d0a55d3d0dcfde3def67460f959fbb244cede42273627d
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
Posted Nov 15, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-3747
SHA-256 | 651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43e
Red Hat Security Advisory 2022-8057-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2021-23648, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | 3ee16e49a8baf9378c63381be5115444e228ecd6a3b4ae465fcf1331c83fb783
Red Hat Security Advisory 2022-7519-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7519-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2021-23648, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | 3e15d8d2daf7a09f7541e03f3086b2da3507f9323e80ae6e10ec506f6426e5c7
Online Birth Certificate Management System 1.0 Cross Site Request Forgery
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afe
Multix 2.4 Cross Site Request Forgery
Posted Sep 22, 2022
Authored by th3d1gger

Multix version 2.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d804687ad3c71ed52a7465168db79fb1a6b87b78c6e128b3cc988a897cc33cf8
Online Employee Leave Management System 1.0 Cross Site Request Forgery
Posted Sep 6, 2022
Authored by Amolo Hunters

Online Employee Leave Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0710715d45689c909a85c5900c640070b5bf1573e0e7b5eaa10c502265e786a4
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
Posted Aug 5, 2022
Authored by Marco Wotschka | Site wordfence.com

WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-2432
SHA-256 | 4d8603e0293338606a482d16c657252dae8f29113703208bc7aafca598be3ca6
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2021-24912
SHA-256 | 00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03c
JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect
Posted Jun 19, 2022
Authored by Neurogenesia | Site zeroscience.mk

JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9
Marval MSM 14.19.0.12476 Cross Site Request Forgery
Posted Jun 19, 2022
Authored by Momen Eldawakhly

Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | aecc677dbeadf1e311ca918427b11abd363470e74f04e5d771a7638543fba47c
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
Posted May 19, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2021-46426
SHA-256 | 050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893
WordPress Blue Admin 21.06.01 Cross Site Request Forgery
Posted May 11, 2022
Authored by Abisheik M

WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9
WordPress Stafflist 3.1.2 Cross Site Request Forgery
Posted May 2, 2022
Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9d6c94780d9e6bad20039cfa30e21ac1263e9e05f4af98d371874857a71295c3
Fuel CMS 1.5.0 Cross Site Request Forgery
Posted Apr 18, 2022
Authored by Ali J

Fuel CMS version 1.5.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a4af693e497d4996d8c0e666db468defe2f659409f9308f786a612dc743fa1f7
Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 29cb721e83f960d667cf6c98532f19aade113ac4dead4421a2632694ec3913c0
qdPM 9.2 Cross Site Request Forgery
Posted Apr 7, 2022
Authored by Chetanya Sharma

qdPM version 9.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-26180
SHA-256 | 64ddbfaa1da0cb1473febe63a28eecb79a7e8e8d82ebad0f32c44475dadf890f
ICEHRM 31.0.0.0S Cross Site Request Forgery
Posted Apr 7, 2022
Authored by Devansh Bordia

ICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding varies from the original finding of cross site request forgery in the same software from the same researcher.

tags | exploit, csrf
advisories | CVE-2022-26588
SHA-256 | b9ee29826a306b33bdc668fcd9b9e3b8d9c8e92ba320ac432ad6259e72d505c3
Online Banquet Booking System 1.0 Cross Site Request Forgery
Posted Apr 5, 2022
Authored by Saud Alenazi

Online Banquet Booking System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 242e1ac878946f2c1079108497cb89ce8c04972924dd3446288bd6725374a38b
WordPress Curtain 1.0.2 Cross Site Request Forgery
Posted Mar 30, 2022
Authored by Hassan Khan Yusufzai

WordPress Curtain plugin version 1.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f394a443240b0a394250f659b08eabdf25ac27620ce8316b56cf87a0d070fafb
ICEHRM 31.0.0.0S Cross Site Request Forgery
Posted Mar 22, 2022
Authored by Devansh Bordia

ICEHRM version 31.0.0.0S suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 096c17b59dcf5a176b516a6e32f1f053ba9cc9d99442901c1ec82846fbaa5b26
iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution
Posted Mar 22, 2022
Authored by Robert Willis, Stephen Chavez

iRZ mobile routers versions RU21, RU21w, RL21, RU41, and RL01 suffer from a cross site request forgery vulnerability that can enable remote code execution.

tags | exploit, remote, code execution, csrf
advisories | CVE-2022-27226
SHA-256 | 9f87d1b4dfcf65a7a815809793fabfafcaf1d56d194ef000382ae92167e751d7
Red Hat Security Advisory 2022-0056-01
Posted Mar 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0056-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. Issues addressed include bypass, cross site request forgery, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2016-10228, CVE-2017-14502, CVE-2018-1000858, CVE-2018-20843, CVE-2019-13050, CVE-2019-13627, CVE-2019-14889, CVE-2019-15903, CVE-2019-19906, CVE-2019-20454, CVE-2019-20807, CVE-2019-25013, CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813
SHA-256 | 47c94baf45591caac279b395191a39b15211aab64fbf51a7551c99c5711dd019
© 2022 Packet Storm. All rights reserved.
