{"vulnerability": "CVE-2016-1500", "sightings": [{"uuid": "79f81425-7f64-425f-9482-79c7ad11cdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "seen", "source": "https://t.me/cibsecurity/55459", "content": "\u203c CVE-2016-15005 \u203c\n\nCSRF tokens are generated using math/rand, which is not a cryptographically secure random number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections with relatively few requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:14.000000Z"}, {"uuid": "bc40d4d3-58ab-4c16-a064-f52909b558a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2016-15005\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.\n\ud83d\udccf Published: 2022-12-27T21:13:27.393Z\n\ud83d\udccf Modified: 2025-04-11T16:39:25.100Z\n\ud83d\udd17 References:\n1. https://github.com/dinever/golf/pull/24\n2. https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe\n3. https://github.com/dinever/golf/issues/20\n4. https://pkg.go.dev/vuln/GO-2020-0045", "creation_timestamp": "2025-04-11T16:50:58.000000Z"}, {"uuid": "78d96c09-7d05-4f22-805c-414e25853241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15007", "type": "seen", "source": "https://t.me/cibsecurity/55746", "content": "\u203c CVE-2016-15007 \u203c\n\nA vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T22:30:22.000000Z"}, {"uuid": "98ad20ee-4920-40ff-9963-ce9a25fad2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15003", "type": "seen", "source": "https://t.me/cibsecurity/46425", "content": "\u203c CVE-2016-15003 \u203c\n\nA vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T12:34:19.000000Z"}]}