Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9134 | 1 Dedecms | 1 Dedecms | 2018-04-23 | 6.8 MEDIUM | 8.8 HIGH |
| file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. | |||||
| CVE-2015-2009 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2018-04-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. | |||||
| CVE-2018-9108 | 1 Quickappscms | 1 Quickapps Cms | 2018-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. | |||||
| CVE-2018-8764 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2018-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | |||||
| CVE-2018-7700 | 1 Dedecms | 1 Dedecms | 2018-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | |||||
| CVE-2018-1213 | 1 Dell | 1 Emc Isilon Onefs | 2018-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | |||||
| CVE-2014-2675 | 1 Wp-html-sitemap Project | 1 Wp-html-sitemap | 2018-04-18 | 5.8 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. | |||||
| CVE-2014-2274 | 1 Subscribe To Comments Reloaded Project | 1 Subscribe To Comments Reloaded | 2018-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. | |||||
| CVE-2018-9923 | 1 Icmsdev | 1 Icms | 2018-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. | |||||
| CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2018-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | |||||
| CVE-2014-2550 | 1 Disable Comments | 1 Disable Comments Project | 2018-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. | |||||
| CVE-2018-10031 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. | |||||
| CVE-2018-10030 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | |||||
| CVE-2017-17960 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | |||||
| CVE-2018-1000137 | 1 I-librarian | 1 I Librarian | 2018-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | |||||
| CVE-2018-1000092 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-10 | 6.8 MEDIUM | 8.8 HIGH |
| CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. | |||||
| CVE-2014-4613 | 1 Piwigo | 1 Piwigo | 2018-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | |||||
| CVE-2018-8717 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-04-09 | 6.8 MEDIUM | 8.8 HIGH |
| joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. | |||||
| CVE-2018-1000082 | 1 Ajenti | 1 Ajenti | 2018-04-06 | 6.8 MEDIUM | 8.8 HIGH |
| Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed.. | |||||
| CVE-2018-7701 | 1 Securenvoy | 1 Securmail | 2018-04-06 | 5.8 MEDIUM | 6.5 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe. | |||||