Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000669 | 1 Koha | 1 Koha | 2018-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. | |||||
| CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2018-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||
| CVE-2018-15682 | 1 Btiteam | 1 Xbtit | 2018-11-06 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. | |||||
| CVE-2018-15901 | 1 E107 | 1 E107 | 2018-11-02 | 6.8 MEDIUM | 8.8 HIGH |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
| CVE-2018-16951 | 1 Xunfeng Project | 1 Xunfeng | 2018-11-02 | 6.0 MEDIUM | 8.0 HIGH |
| xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. | |||||
| CVE-2018-16650 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-11-02 | 6.8 MEDIUM | 8.8 HIGH |
| phpMyFAQ before 2.9.11 allows CSRF. | |||||
| CVE-2014-6046 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. | |||||
| CVE-2008-3325 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2018-11-01 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | |||||
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2018-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | |||||
| CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2018-10-31 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | |||||
| CVE-2018-9092 | 1 1234n | 1 Minicms | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | |||||
| CVE-2013-3395 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Web Security Appliance | 2018-10-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. | |||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | |||||
| CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | |||||
| CVE-2013-0214 | 1 Samba | 1 Samba | 2018-10-30 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. | |||||
| CVE-2018-0647 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | |||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | |||||
| CVE-2018-16339 | 1 Phome | 1 Empirecms | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | |||||