Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | |||||
CVE-2013-3395 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Web Security Appliance | 2018-10-30 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. | |||||
CVE-2013-0214 | 1 Samba | 1 Samba | 2018-10-30 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. | |||||
CVE-2018-0647 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | |||||
CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | |||||
CVE-2018-16339 | 1 Phome | 1 Empirecms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | |||||
CVE-2018-16338 | 1 Auracms | 1 Auracms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | |||||
CVE-2018-16387 | 1 Elefantcms | 1 Elefantcms | 2018-10-24 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | |||||
CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2018-10-24 | 6.8 MEDIUM | 8.8 HIGH |
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | |||||
CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2018-10-24 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | |||||
CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2018-10-24 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | |||||
CVE-2018-16331 | 1 Damicms | 1 Damicms | 2018-10-23 | 6.8 MEDIUM | 8.8 HIGH |
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | |||||
CVE-2018-11718 | 1 Xovis | 6 Pc2, Pc2 Firmware, Pc2r and 3 more | 2018-10-22 | 6.8 MEDIUM | 8.8 HIGH |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | |||||
CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2018-10-19 | 6.8 MEDIUM | 8.8 HIGH |
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | |||||
CVE-2015-4639 | 1 Koha | 1 Koha | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. | |||||
CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2018-10-18 | 6.8 MEDIUM | 6.3 MEDIUM |
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | |||||
CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2018-10-17 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | |||||
CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2018-10-17 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||