HackDig : Dig high-quality web security articles for hackers

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin

Title: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin Advisory ID: ZSL-2020-5576 Type: Local/Remote Impact: Cross-Site Scripting Risk: (2/5) Release Date: 31.07.2020 Summary: Bring communication with your customers, guests or employees to a new
Publish At:2020-07-31 21:41 | Read:203 | Comments:0 | Tags: Csrf

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Title: UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin Advisory ID: ZSL-2020-5574 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 19.07.2020 Summary: Medivision is a service that provides everything from DID operation to development of
Publish At:2020-07-19 16:15 | Read:136 | Comments:0 | Tags: Csrf

Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Chrome 84 was released in the stable channel this week with a total of 38 patches, but also with additional security improvements, including the rollout of a previously announced SameSite cookie change. Initially announced in May 2019, the change is meant to provide users with improved protection against cross-site request forgery (CSRF) attacks by making onl
Publish At:2020-07-15 11:44 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Csrf

Verint Impact 360 login CSRF

<!-- # Exploit Title: Verint Impact 360 login CSRF # Date: 7-13-2020 # Exploit Author: Ryan Delaney # Author Contact: ryan.delaney () owasp org # Author LinkedIn: https://www.linkedin.com/in/infosecrd/ # Vendor Homepage: https://www.verint.com/ # Software Link: https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/ # Version: Impact 360
Publish At:2020-07-14 06:14 | Read:159 | Comments:0 | Tags: Csrf

Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE

Bolt CMS <= 3.7.0 Multiple Vulnerabilities. Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2020-03-24 Vendor : https://bolt.cm/ Version : <= 3.7.0
Publish At:2020-07-03 13:50 | Read:184 | Comments:0 | Tags: Csrf

Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code
Publish At:2020-06-18 12:28 | Read:255 | Comments:0 | Tags:Breaking News Hacking Security CSRF Drupal hacking news info

Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User

Title: Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User Advisory ID: ZSL-2020-5567 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 04.06.2020 Summary: The SG gateway appliance range provides Internet security and privacy
Publish At:2020-06-04 11:23 | Read:293 | Comments:0 | Tags: Csrf

P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting

Title: P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting Advisory ID: ZSL-2020-5564 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 21.04.2020 Summary: The FNIP-8x16A is an eight channel relay module used for switching any type of load that do
Publish At:2020-04-20 22:03 | Read:491 | Comments:0 | Tags: Csrf

Prestashop <= 1.7.6.4 Multiple Vulnerabilities - CSRF to RCE

Prestashop <= 1.7.6.4 Multiple Vulnerabilities. Author - Sivanesh Ashok | @sivaneshashok <https://twitter.com/sivaneshashok> | stazot.com Last Modified: 2020-04-11 Vendor : h
Publish At:2020-04-17 13:40 | Read:494 | Comments:0 | Tags: Csrf

Google Rolls Back Recently Introduced Chrome CSRF Protection

Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80 in the stable channel. Initially announced in May 2019, the protection involves Chrome enforcing a new secure-by-default cookie classification system, where cookies that haven’t declared a SameSi
Publish At:2020-04-06 15:56 | Read:677 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Management & St

Intruder and CSRF-protected form, without macros

Introduction: These days, CSRF tokens are more and more prevalent in Web applications. As a consequence, managing tokens within an intercepting proxy is a very common task for pentesters and bug hunters alike. From what I read online, most users of Burp Suite Pro tend to use Macros and Session handling rules as soon as CSRF tokens are involved, and that m
Publish At:2020-01-13 22:25 | Read:520 | Comments:0 | Tags: Csrf

Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities

Title: Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Advisory ID: ZSL-2019-5543 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 30.11.2019 Summary: Carlo Gavazzi is an international company that develops, manufactures and sells elec
Publish At:2019-11-30 22:35 | Read:1195 | Comments:0 | Tags: Xss Csrf

Researcher spotted flaws in the web-based version of popular Sarahah app

A security researcher discovered a number of embarrassing vulnerabilities in the popular anonymous feedback app Sarahah. The anonymous feedback app Sarahah makes the headlines once again: according to security researcher Scott Helme, the web-based version of the app is plagued with security flaws. Sarahah mobile app allows users to receive a
Publish At:2017-10-24 13:20 | Read:2800 | Comments:0 | Tags:Breaking News Hacking CSRF mobile app Sarahah web applicatio

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting. Advisory ID: DC-2017-09-001 Advisory Title: Magento CSRF, Stored Cross Site Scripting Advisory URL: http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored_Cross_Site_Scripting.pdf Software: Magento Commerce, CE Software Language: PHP Version: Magento CE
Publish At:2017-10-07 06:20 | Read:4598 | Comments:0 | Tags: Csrf

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting. Advisory ID: DC-2017-09-002 Advisory Title: Magento CSRF, Stored Cross Site Scripting Advisory URL: http://www.defensecode.com/advisories/DC-2017-09-002_Magento_CSRF_Stored_Cross_Site_Scripting.pdf Software: Magento Commerce, CE Software Language: PHP Version: Magento C
Publish At:2017-10-07 06:20 | Read:4196 | Comments:0 | Tags: Csrf
