Twenty Year Anniversary
Showing 101 - 125 of 2,873 RSS Feed

CSRF Files

WDMyCloud 2.30.165 CSRF / File Upload / Code Execution / Backdoor / DoS
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure, file upload, csrf
MD5 | 237300fca05d76ae09ec41cf79aeccf9
HP Security Bulletin MFSBGN03793 2
Posted Jan 4, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03793 2 - A potential security vulnerability has been identified in Micro Focus Project and Portfolio Management Center. This vulnerability could be remotely exploited to execute a Man-in-the-Middle (MitM) attack and Cross-site Request Forgery (CSRF). Revision 2 of this advisory.

tags | advisory, csrf
advisories | CVE-2017-14361, CVE-2017-14362
MD5 | c1b50c10bd073511ea9e2550892d4bd9
Telesquare SKT LTE Router SDT-CS3B1 CSRF / Command Execution
Posted Dec 27, 2017
Authored by LiquidWorm | Site zeroscience.mk

The Telesquare SKT LTE SDT-CS3B1 router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, arbitrary, csrf
MD5 | 4b9db3573ba7740ca38f47752d155a59
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Posted Nov 30, 2017
Authored by Himanshu Mehta

ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2017-17056
MD5 | 49b9af816ec019c072d78c914ee5e93c
pfSense 2.4.1 Clickjacking
Posted Nov 23, 2017
Authored by Securify B.V.

pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.

tags | advisory, csrf
MD5 | d27cfffbd264ae18908fb4c5e7e89289
D-Link DCS-936L Cross Site Request Forgery
Posted Nov 17, 2017
Authored by SlidingWindow

D-Link DCS-936L suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-7851
MD5 | 16ebb26ff2ecf0815f3032dd2a3b7e7c
OctoberCMS 1.0.426 (Build 426) Cross Site Request Forgery
Posted Nov 2, 2017
Authored by Zain Sabahat

OctoberCMS version 1.0.426 (Build 426) suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-16244
MD5 | 29c853f56b59ad6e4cb2b4757ef9e2c6
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
Posted Oct 31, 2017
Authored by Karn Ganeshen

JanTek JTC-200 RS232-NET Connector suffers from cross site request forgery and missing authentication vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2016-5789, CVE-2016-5791
MD5 | 020bc5ac941329974bf88c561dc914f2
ZKTime Web Software 2.0 Cross Site Request Forgery
Posted Oct 20, 2017
Authored by Arvind V

ZKTime Web Software version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2017-13129
MD5 | f8c4d4b15229d25be5aec0554197f32d
Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
Posted Oct 17, 2017
Authored by Roman Ferdigg | Site sec-consult.com

Afian AB FileRun version 2017.03.18 suffers from cross site request forgery, cross site scripting, open redirection, remote shell upload, and various other vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 3ff1edbfd9d2d8fe8f706e14236d4010
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
Posted Oct 17, 2017
Authored by T. Weber | Site sec-consult.com

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | 0ce91d638136df599d22cc0f4b0e53b1
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
Posted Oct 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2017-15646, CVE-2017-15645, CVE-2017-15644
MD5 | e8275ecd6d49c4502a0718560697279c
AlienVault USM 5.4.2 Cross Site Request Forgery
Posted Oct 14, 2017
Authored by Julien Ahrens | Site rcesecurity.com

AlienVault USM version 5.4.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-14956
MD5 | 6e771ba0baa2d865a2bac29ab5c0ceb6
Metasploit Cross Site Rquest Forgery
Posted Oct 7, 2017
Authored by Dhiraj Mishra

Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-15084
MD5 | c8ca60fdae30ac7c1a2e4987f680b81e
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 5, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | b8e9abcbfbba8f6e6349871a393da400
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 4, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | 6fac5f12b988c5d618dd41e90f4d5591
Faleemi FSC-880 CSRF / SQL Injection / Command Execution
Posted Sep 29, 2017
Authored by Oleg Puzanov

Faleemi FSC-880 suffers from command execution, cross site request forgery, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2017-14743
MD5 | 3621d070c03120bb5f7f1fb0e4811228
WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 28, 2017
Authored by Tom Adams

WordPress Content Audit plugin version 1.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | ccae3b90f7af6c68d9ede2de79f8f3b6
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Posted Sep 19, 2017
Authored by Arvind Vishwakarma

ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
MD5 | 1ebd8d29476f9a7cfd4912a6b57b2711
WiseGiga NAS CSRF / LFI / Command Execution
Posted Sep 11, 2017
Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 047939def71293ad9bd51f3067e33736
Nimble Professional 1.0 Cross Site Request Forgery
Posted Sep 11, 2017
Authored by Ihsan Sencan

Nimble Professional version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | fd8d17cd9a81f6edd50d28d1d45509c9
jRank Topsites 1.0 Cross Site Request Forgery / Code Injection
Posted Sep 9, 2017
Authored by Ihsan Sencan

jRank Topsites version 1.0 suffers from a cross site request forgery vulnerability that allows for PHP code injection vulnerability.

tags | exploit, php, csrf
MD5 | f9c9dacf3c805760fedafa777dff54be
D-Link 850L XSS / Backdoor / Code Execution
Posted Sep 8, 2017
Authored by Pierre Kim

D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.

tags | exploit, remote, denial of service, vulnerability, code execution, xss, info disclosure, csrf
MD5 | 806b47aee2ece40feb77375c1dcacc3d
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
Posted Sep 8, 2017
Authored by James Hemmings

EE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
MD5 | c4b9a415add552983b5133ebe5cfad74
Pay Banner Text Link Ad 1.0.6.1 Cross Site Request Forgery
Posted Sep 7, 2017
Authored by Ihsan Sencan

Pay Banner Text Link Ad version 1.0.6.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 58ad83ebdd2f80e7cd6f5d2b87c3d850
Page 5 of 115
Back34567Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close