Total
7375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | |||||
| CVE-2018-6888 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token. | |||||
| CVE-2018-6874 | 1 Auth0 | 1 Auth0.js | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | |||||
| CVE-2018-6656 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | |||||
| CVE-2018-6651 | 2 Parsecgaming, Uncurl Project | 2 Parsec, Uncurl | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer. | |||||
| CVE-2018-6563 | 1 Totemo | 1 Encryption Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token. | |||||
| CVE-2018-6504 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). | |||||
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6467 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | |||||
| CVE-2018-6458 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | |||||
| CVE-2018-6408 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. | |||||
| CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | |||||
| CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | |||||
| CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6224 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. | |||||
| CVE-2018-6023 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | |||||
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | |||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | |||||
| CVE-2018-5976 | 1 Rsvp Invitation Online Project | 1 Rsvp Invitation Online | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | |||||