WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.
078ea2f052b0bdbecbdbb86ff5abadf7af3ecef36acd21e345034b86b58c3b8eWEBY version 1.2.5 suffers from a cross site request forgery vulnerability.
b90c7065497d4612bd9e8fe865ff315451e501545f2dcf82cfe35fbab372f669Red Hat Security Advisory 2023-0560-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.
87d74e099c44a8fba916939b5b695bf11f9ee4557c7c18075edde2249576eb5cOn January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.
e3ba7e7e5a2df6cde42d9ee75f8bec79e5251c694adb11dfae0969e813acffdbRed Hat Security Advisory 2023-0017-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.
100324dc37a3b8c6880e383212a38c4af09adce1dd885bc1832da298b091d2f2WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities.
5d3c94aa12c0662cecfc95164895acace4553b37a6d627727e5abb15210b1abaMedisense-Healthcare Solutions CRM version 2.0 suffers from a cross site request forgery vulnerability.
01f668cbe090f4fc42a294a8bc4e25ae5e25e8e14835dab57cbbc94d04815623Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.
e6e385bd593b19e51fd23dc7a81743ae9a7caac91f486e077758222133af8248SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a cross site request forgery vulnerability.
7ad82d8bc844cdfb8173406cc8e5fa3c2feccd6228cf610d090321bbbbac18b5A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.
44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a backdoor that executes next time a user logs in interactively. This overwrites a file, but we restore it when we get a session Note that because this is a CSRF vulnerability, it starts a web server, but an authenticated administrator must visit the site, which redirects them to the target.
0942abdee0725fc32a285ecb9a23fb1bfe3ecc058946e6d59dda0de6b91cbca4Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.
389845c1cb18def69eba66246c35f85df9383c4619ea4cbb54983839e90b7fcbDebian Linux Security Advisory 5279-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
341ee59a0eda06f9f4d0a55d3d0dcfde3def67460f959fbb244cede42273627dWordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43eRed Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
3ee16e49a8baf9378c63381be5115444e228ecd6a3b4ae465fcf1331c83fb783Red Hat Security Advisory 2022-7519-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
3e15d8d2daf7a09f7541e03f3086b2da3507f9323e80ae6e10ec506f6426e5c7Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.
f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afeMultix version 2.4 suffers from a cross site request forgery vulnerability.
d804687ad3c71ed52a7465168db79fb1a6b87b78c6e128b3cc988a897cc33cf8Online Employee Leave Management System version 1.0 suffers from a cross site request forgery vulnerability.
0710715d45689c909a85c5900c640070b5bf1573e0e7b5eaa10c502265e786a4WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.
4d8603e0293338606a482d16c657252dae8f29113703208bc7aafca598be3ca6Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03cJM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.
c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.
aecc677dbeadf1e311ca918427b11abd363470e74f04e5d771a7638543fba47cPHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.
565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed