Total
7407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7746 | 1 Jio | 2 Jmr1140, Jmr1140 Firmware | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset. | |||||
| CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | |||||
| CVE-2019-7737 | 1 Verydows | 1 Verydows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | |||||
| CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2024-11-21 | 4.9 MEDIUM | 5.7 MEDIUM |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | |||||
| CVE-2019-7654 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
| CVE-2019-7569 | 1 Wdoyo | 1 Doyo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. | |||||
| CVE-2019-7566 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | |||||
| CVE-2019-7440 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). | |||||
| CVE-2019-7433 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | |||||
| CVE-2019-7391 | 1 Zyxel | 4 Dsl-491hnu-b10b, Dsl-491hnu-b10b Firmware, Dsl-491hnu-b1b V2 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | |||||
| CVE-2019-7357 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. | |||||
| CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | |||||
| CVE-2019-7281 | 1 Primasystems | 1 Flexair | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | |||||
| CVE-2019-7273 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-7270 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-7262 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-6967 | 1 Airties | 2 Air 5341, Air 5341 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. | |||||
| CVE-2019-6779 | 1 Chshcms | 1 Cscms | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. | |||||