Arvind V

3 exploits Active since Sep 2017
CVE-2017-13129 EXPLOITDB HIGH html WORKING POC
ZKTeco ZKTime Web 2.0.1.12280 - Authenticated Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
CVSS 8.0
CVE-2017-14680 EXPLOITDB HIGH text WRITEUP
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVSS 7.5
CVE-2018-7216 EXPLOITDB HIGH html WORKING POC
Bravo Tejari Procurement Portal - Authenticated Cross-Site Request Forgery in Profile Data Update
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
CVSS 8.0