CVE-2012-1415
published 2014-12-28
CVE-2012-1415: Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of…
Priority: P4 · 31 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.06% (60.3th percentile)
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dflabs | ptk | <= 1.0.5 | — |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
CVSS provenance
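| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 5.0 | MEDIUM | |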
GHSA
GHSA-qhp4-7844-88j3: Cross-site request forgery (CSRF) vulnerability in lib/logout
ghsa_unreviewed·2022-05-17
CVE-2012-1415 [MEDIUM] CWE-352 GHSA-qhp4-7844-88j3: Cross-site request forgery (CSRF) vulnerability in lib/logout
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
OSV
krb5 vulnerabilities
osv·2014-08-11·CVSS 5.0
CVE-2012-1016 krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash, resulting in a denial of service. This issue only affected
Ubuntu 1