Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-1000093 | 1 Cryptonote | 1 Cryptonote | 2018-04-05 | 6.8 MEDIUM | 8.8 HIGH | CryptoNote version 0.8.9 and possibly later contain a local RPC server which does not require authentication. As a result, the walletd and simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can, for example, trick an application such as a web browser into connecting and sending a command. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that triggers such behavior. |
CVE-2018-6224 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 6.8 MEDIUM | 8.8 HIGH | A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. |
CVE-2018-7307 | 1 Auth0 | 1 Auth0.js | 2018-03-28 | 6.8 MEDIUM | 8.8 HIGH | The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. |
CVE-2017-7641 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2018-03-27 | 6.8 MEDIUM | 8.8 HIGH | QNAP NAS application Media Streaming add-on versions 421.1.0.2, 430.1.2.0, and earlier do not utilize CSRF protections. |
CVE-2018-7733 | 1 Yxtcmf | 1 Yxtcmf | 2018-03-26 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html. |
CVE-2018-7565 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2018-03-26 | 6.8 MEDIUM | 8.8 HIGH | CSRF exists on Polycom QDX 6000 devices. |
CVE-2016-0272 | 1 Ibm | 1 Financial Transaction Manager | 2018-03-26 | 6.0 MEDIUM | 8.0 HIGH | Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052. |
CVE-2018-7634 | 1 Enalean | 1 Tuleap | 2018-03-22 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF mitigation when changing an e-mail address allows attackers to abuse the functionality. By mounting a CSRF attack, an attacker could make a victim change the e-mail address registered on the application, leading to account takeover. |
CVE-2014-2838 | 1 Dev4press | 1 Gd Star Rating | 2018-03-19 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. |
CVE-2017-12415 | 1 Oxid-esales | 1 Eshop | 2018-03-16 | 5.1 MEDIUM | 7.5 HIGH | OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker is able to trick the user into clicking a button (submit form) in an e-mail or on a remote site within the period between visiting the shop and placing an order. |
CVE-2016-0295 | 1 Ibm | 1 Bigfix Platform | 2018-03-16 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. |
CVE-2018-7590 | 1 Hoosk | 1 Hoosk | 2018-03-16 | 6.8 MEDIUM | 8.8 HIGH | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. |
CVE-2018-0520 | 1 Fsi | 2 Fs010w, Fs010w Firmware | 2018-03-16 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. |
CVE-2018-7308 | 1 Hosting Project | 1 Hosting | 2018-03-16 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add, delete, or modify any files in any hosting account. |
CVE-2018-7216 | 1 Tejari | 1 Bravo Solution | 2018-03-16 | 6.0 MEDIUM | 8.0 HIGH | Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging the lack of anti-CSRF tokens. |
CVE-2018-7219 | 1 5none | 1 Nonecms | 2018-03-14 | 6.8 MEDIUM | 8.8 HIGH | application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. |
CVE-2018-7176 | 1 Frontaccounting | 1 Frontaccounting | 2018-03-14 | 6.8 MEDIUM | 8.8 HIGH | FrontAccounting 2.4.3 suffers from a CSRF flaw, which allows adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). |
CVE-2018-6941 | 1 Nat32 | 1 Nat32 | 2018-03-13 | 6.8 MEDIUM | 8.8 HIGH | A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. |
CVE-2018-6656 | 1 Zblogcn | 1 Z-blogphp | 2018-03-13 | 5.8 MEDIUM | 6.5 MEDIUM | Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. |
CVE-2017-17552 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2018-03-13 | 6.8 MEDIUM | 8.8 HIGH | /LoadFrame in Zoho ManageEngine AD Manager Plus builds 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. |