Total: 4240 CVE (20 shown on this page)
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 6.8 MEDIUM | 8.8 HIGH | A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
CVE-2018-19829 | 1 Artica | 1 Integria Ims | 2019-01-30 | 5.8 MEDIUM | 6.5 MEDIUM | Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-19135 | 1 Clippercms | 1 Clippercms | 2019-01-30 | 6.8 MEDIUM | 8.8 HIGH | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
CVE-2018-1000411 | 1 Jenkins | 1 Junit | 2019-01-28 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
CVE-2017-17835 | 1 Apache | 1 Airflow | 2019-01-25 | 6.8 MEDIUM | 8.8 HIGH | In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
CVE-2019-6779 | 1 Chshcms | 1 Cscms | 2019-01-25 | 5.8 MEDIUM | 8.1 HIGH | Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
CVE-2019-6244 | 1 Usualtool | 1 Usualtoolcms | 2019-01-24 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2019-01-24 | 6.0 MEDIUM | 8.0 HIGH | Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2019-01-23 | 5.8 MEDIUM | 5.4 MEDIUM | Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
CVE-2019-6510 | 1 Creditease-sec | 1 Insight | 2019-01-23 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6509 | 1 Creditease-sec | 1 Insight | 2019-01-23 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6508 | 1 Creditease-sec | 1 Insight | 2019-01-23 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6507 | 1 Creditease-sec | 1 Insight | 2019-01-23 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2019-01-22 | 9.4 HIGH | 9.1 CRITICAL | Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
CVE-2018-1000417 | 1 Jenkins | 1 Email Extension Template | 2019-01-22 | 5.8 MEDIUM | 8.1 HIGH | A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.
CVE-2018-1000414 | 1 Jenkins | 1 Config File Provider | 2019-01-22 | 5.8 MEDIUM | 8.1 HIGH | A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
CVE-2018-20728 | 1 Nedi | 1 Nedi | 2019-01-22 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
CVE-2016-10738 | 1 Castlamp | 1 Zenbership | 2019-01-18 | 6.8 MEDIUM | 8.8 HIGH | Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
CVE-2019-6249 | 1 Hucart | 1 Hucart | 2019-01-16 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
CVE-2019-6294 | 1 Easycms | 1 Easycms | 2019-01-16 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.