Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2021-24252

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)

CVE
#csrf#wordpress#php#rce#auth
CVE-2021-24272

The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue

CVE-2021-28280: Online Notepad - CSRF to Reflected XSS vulnerability on PHPFusion 9.03.110 CMS

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

CVE-2021-31762: GitHub - electronicbots/CVE-2021-31762: Exploiting a Cross-site request forgery (CSRF) attack to creat a new privileged user through the Webmin's add users feature

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.

CVE-2021-31584: Sipwise C5 NGCP CSC Cross Site Request Forgery ≈ Packet Storm

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.

CVE-2021-21644: Jenkins Security Advisory 2021-04-21

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

RHSA-2021:1313: Red Hat Security Advisory: Satellite 6.9 Release

An update is now available for Red Hat Satellite 6.9 for RHEL 7.Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662) * python-psutil: Double free because of refcount mishandling (CVE-2019-18874) * candlepin: netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335) * candlepin: resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633) * python-django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle (CVE-2020-9402) For more details about the security issue(s), includin...

RHSA-2021:1129: Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release

A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (...

CVE-2021-21425: Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425) – Pentest Blog

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.

CVE-2021-21641: Jenkins Security Advisory 2021-04-07

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.