CSRF Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:57:13 GMT

Santilga CMS 1.2.6.3 Cross Site Request Forgery / SQL Injection
http://packetstormsecurity.org/files/113062/santilga-sqlxsrf.txt
http://packetstormsecurity.org/files/113062/Santilga-CMS-1.2.6.3-Cross-Site-Request-Forgery-SQL-Injection.html
Sun, 27 May 2012 18:50:12 GMT
Santilga CMS version 1.2.6.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal
http://packetstormsecurity.org/files/113061/azdgdatingmedium-xssxsrfexec.txt
http://packetstormsecurity.org/files/113061/AzDGDatingMedium-1.9.3-XSS-CSRF-SQL-Injection-Directory-Traversal.html
Sun, 27 May 2012 18:48:31 GMT
AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, PHP code execution, remote SQL injection, and directory traversal vulnerabilities.

Secunia Security Advisory 49275
http://packetstormsecurity.org/files/113056/sa49275.txt
http://packetstormsecurity.org/files/113056/Secunia-Security-Advisory-49275.html
Sat, 26 May 2012 07:07:15 GMT
Secunia Security Advisory - Debian has issued an update for request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and compromise a vulnerable system.

DynPage 1.0 Cross Site Request Forgery / Shell Upload
http://packetstormsecurity.org/files/113048/dynpage-xsrfshell.txt
http://packetstormsecurity.org/files/113048/DynPage-1.0-Cross-Site-Request-Forgery-Shell-Upload.html
Fri, 25 May 2012 19:11:11 GMT
DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.

Secunia Security Advisory 49265
http://packetstormsecurity.org/files/113047/sa49265.txt
http://packetstormsecurity.org/files/113047/Secunia-Security-Advisory-49265.html
Fri, 25 May 2012 01:00:38 GMT
Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.

Social Engine 4.2.2 Cross Site Request Forgery / Cross Site Scripting
http://packetstormsecurity.org/files/113015/socialengine-xssxsrf.txt
http://packetstormsecurity.org/files/113015/Social-Engine-4.2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Thu, 24 May 2012 15:27:22 GMT
Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

Drupal BrowserID 7.x Cross Site Request Forgery
http://packetstormsecurity.org/files/112997/DRUPAL-SA-CONTRIB-2012-085.txt
http://packetstormsecurity.org/files/112997/Drupal-BrowserID-7.x-Cross-Site-Request-Forgery.html
Wed, 23 May 2012 18:44:44 GMT
Drupal BrowserID third party module version 7.x suffers from a cross site request forgery vulnerability.

Secunia Security Advisory 49259
http://packetstormsecurity.org/files/112984/sa49259.txt
http://packetstormsecurity.org/files/112984/Secunia-Security-Advisory-49259.html
Wed, 23 May 2012 06:21:05 GMT
Secunia Security Advisory - Multiple vulnerabilities have been reported in RT, which can be exploited by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and compromise a vulnerable system.

Ajaxmint-Gallery 1.0 Cross Site Request Forgery
http://packetstormsecurity.org/files/112943/ajaxmintgallery-xsrf.txt
http://packetstormsecurity.org/files/112943/Ajaxmint-Gallery-1.0-Cross-Site-Request-Forgery.html
Sun, 20 May 2012 17:22:22 GMT
Ajaxmint-Gallery version 1.0 suffers from a cross site request forgery vulnerability.

Concrete 5.5.21 XSS / CSRF / Path Disclosure
http://packetstormsecurity.org/files/112885/concrete5521-xssxsrf.txt
http://packetstormsecurity.org/files/112885/Concrete-5.5.21-XSS-CSRF-Path-Disclosure.html
Sat, 19 May 2012 09:09:09 GMT
Concrete version 5.5.21 suffers from cross site request forgery, cross site scripting, and various other vulnerabilities.

Secunia Security Advisory 49205
http://packetstormsecurity.org/files/112868/sa49205.txt
http://packetstormsecurity.org/files/112868/Secunia-Security-Advisory-49205.html
Fri, 18 May 2012 05:24:26 GMT
Secunia Security Advisory - Multiple vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Secunia Security Advisory 49133
http://packetstormsecurity.org/files/112811/sa49133.txt
http://packetstormsecurity.org/files/112811/Secunia-Security-Advisory-49133.html
Thu, 17 May 2012 11:18:58 GMT
Secunia Security Advisory - Chokri B.A. has reported a vulnerability in GENU, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting
http://packetstormsecurity.org/files/112748/axous-csrf.txt
http://packetstormsecurity.org/files/112748/Axous-1.1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Tue, 15 May 2012 22:42:51 GMT
Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Liferay 6.1 Cross Site Request Forgery
http://packetstormsecurity.org/files/112746/liferay-xsrf.tgz
http://packetstormsecurity.org/files/112746/Liferay-6.1-Cross-Site-Request-Forgery.html
Tue, 15 May 2012 22:35:19 GMT
Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.

Secunia Security Advisory 49109
http://packetstormsecurity.org/files/112715/sa49109.txt
http://packetstormsecurity.org/files/112715/Secunia-Security-Advisory-49109.html
Mon, 14 May 2012 07:11:32 GMT
Secunia Security Advisory - Two vulnerabilities have been reported in NetBill, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 49132
http://packetstormsecurity.org/files/112712/sa49132.txt
http://packetstormsecurity.org/files/112712/Secunia-Security-Advisory-49132.html
Mon, 14 May 2012 07:11:22 GMT
Secunia Security Advisory - Multiple vulnerabilities have been discovered in FreeRealty, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery and SQL injection attacks.

NetBill Billing System 1.2 CSRF / XSS
http://packetstormsecurity.org/files/112655/VL-560.txt
http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html
Sun, 13 May 2012 06:04:15 GMT
NetBill Billing System version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

Free Reality 3.1-0.6 XSS / CSRF / SQL Injection
http://packetstormsecurity.org/files/112651/VL-513.txt
http://packetstormsecurity.org/files/112651/Free-Reality-3.1-0.6-XSS-CSRF-SQL-Injection.html
Sat, 12 May 2012 22:22:22 GMT
Free Reality version 3.1-0.6 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

GENU CMS 2012.4 CSRF / SQL Injection
http://packetstormsecurity.org/files/112645/VL-519.txt
http://packetstormsecurity.org/files/112645/GENU-CMS-2012.4-CSRF-SQL-Injection.html
Sat, 12 May 2012 14:22:22 GMT
GENU CMS version 2012.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.

Drupal Take Control 6.x Cross Site Request Forgery
http://packetstormsecurity.org/files/112592/DRUPAL-SA-CONTRIB-2012-075.txt
http://packetstormsecurity.org/files/112592/Drupal-Take-Control-6.x-Cross-Site-Request-Forgery.html
Thu, 10 May 2012 04:32:00 GMT
Drupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.

Secunia Security Advisory 49060
http://packetstormsecurity.org/files/112602/sa49060.txt
http://packetstormsecurity.org/files/112602/Secunia-Security-Advisory-49060.html
Thu, 10 May 2012 01:02:01 GMT
Secunia Security Advisory - A vulnerability has been reported in the Take Control module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.

X7 Chat 2.0.5.1 Cross Site Request Forgery
http://packetstormsecurity.org/files/112573/x7chat-xsrf.txt
http://packetstormsecurity.org/files/112573/X7-Chat-2.0.5.1-Cross-Site-Request-Forgery.html
Wed, 09 May 2012 17:22:22 GMT
X7 Chat versions 2.0.5.1 and below suffer from a cross site request forgery vulnerability.

Secunia Security Advisory 49101
http://packetstormsecurity.org/files/112565/sa49101.txt
http://packetstormsecurity.org/files/112565/Secunia-Security-Advisory-49101.html
Wed, 09 May 2012 07:38:02 GMT
Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco Secure ACS, where some have unknown impacts and others can be exploited by malicious people to conduct script insertion, cross-site request forgery, and SQL injection attacks.

Cisco Linksys WRT54GL Cross Site Request Forgery
http://packetstormsecurity.org/files/112541/ciscolinksys-xsrf.txt
http://packetstormsecurity.org/files/112541/Cisco-Linksys-WRT54GL-Cross-Site-Request-Forgery.html
Tue, 08 May 2012 17:17:17 GMT
The Cisco Linksys WRT54GL router suffers from a cross site request forgery vulnerability.

Magnolia Development Group CSRF / SQL Injection
http://packetstormsecurity.org/files/112492/mdg-sqlxsrf.txt
http://packetstormsecurity.org/files/112492/Magnolia-Development-Group-CSRF-SQL-Injection.html
Mon, 07 May 2012 19:52:49 GMT
Magnolia Development Group suffers from cross site request forgery and remote SQL injection vulnerabilities.