Total: 8022 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2024-11-21 | N/A |
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | ||||
CVE-2018-1434 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-11-21 | 8.8 High |
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. | ||||
CVE-2018-1432 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A |
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. | ||||
CVE-2018-1230 | 1 Pivotal Software | 1 Spring Batch Admin | 2024-11-21 | N/A |
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. | ||||
CVE-2018-1213 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | N/A |
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | ||||
CVE-2018-1098 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | N/A |
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. | ||||
CVE-2018-19969 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. | ||||
CVE-2018-19948 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 2 Low |
This vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | ||||
CVE-2018-19923 | 1 Sales & Company Management System Project | 1 Sales & Company Management System | 2024-11-21 | N/A |
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF. | ||||
CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | N/A |
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | ||||
CVE-2018-19829 | 1 Artica | 1 Integria Ims | 2024-11-21 | N/A |
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | ||||
CVE-2018-19621 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | ||||
CVE-2018-19613 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | N/A |
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. | ||||
CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2024-11-21 | N/A |
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | ||||
CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | ||||
CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2024-11-21 | N/A |
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. | ||||
CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | ||||
CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | ||||
CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | ||||
CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | N/A |
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. |