Total
8027 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7724 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||
| CVE-2018-7720 | 1 Cobub | 1 Razor | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. | ||||
| CVE-2018-7701 | 1 Securenvoy | 1 Securmail | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe. | ||||
| CVE-2018-7700 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | ||||
| CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | ||||
| CVE-2018-7634 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A |
| An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover. | ||||
| CVE-2018-7590 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | ||||
| CVE-2018-7565 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2024-11-21 | N/A |
| CSRF exists on Polycom QDX 6000 devices. | ||||
| CVE-2018-7524 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | ||||
| CVE-2018-7308 | 1 Hosting Project | 1 Hosting | 2024-11-21 | N/A |
| A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. | ||||
| CVE-2018-7307 | 1 Auth0 | 1 Auth0.js | 2024-11-21 | N/A |
| The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | ||||
| CVE-2018-7305 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. | ||||
| CVE-2018-7219 | 1 5none | 1 Nonecms | 2024-11-21 | N/A |
| application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. | ||||
| CVE-2018-7216 | 1 Tejari | 1 Bravo Solution | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. | ||||
| CVE-2018-7176 | 1 Frontaccounting | 1 Frontaccounting | 2024-11-21 | N/A |
| FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | ||||
| CVE-2018-7097 | 1 Hp | 1 3par Service Provider | 2024-11-21 | N/A |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | ||||
| CVE-2018-7060 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | N/A |
| Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. | ||||
| CVE-2018-6941 | 1 Nat32 | 1 Nat32 | 2024-11-21 | N/A |
| A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. | ||||
| CVE-2018-6940 | 1 Nat32 | 1 Nat32 | 2024-11-21 | N/A |
| A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. | ||||
| CVE-2018-6934 | 1 Ordermanagementscript | 1 Online Tutoring Script | 2024-11-21 | N/A |
| CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3. | ||||