Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

GHSA-4crf-28c7-v4gr: Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

ghsa
#csrf#vulnerability#git#oauth#auth
Lost and Found Information System 1.0 Cross Site Request Forgery

Lost and Found Information System version 1.0 suffers from a cross site request forgery vulnerability.

Loan Management System 1.0 Cross Site Request Forgery

Loan Management System version 1.0 suffers from a cross site request forgery vulnerability.

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

ABIC Cardiology Management System version 1.0 suffers from a cross site request forgery vulnerability.

Hotel Management System 1.0 Cross Site Request Forgery

Hotel Management System version 1.0 suffers from a cross site request forgery vulnerability.

Accounting Journal Management System 1.0 Cross Site Request Forgery

Accounting Journal Management System version 1.0 suffers from a cross site request forgery vulnerability.

Build Your Own Botnet 2.0.0 Remote Code Execution

Build Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page.