Total
7923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19737 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | ||||
| CVE-2019-19685 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 8.8 High |
| RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | ||||
| CVE-2019-19669 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | ||||
| CVE-2019-19668 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 Medium |
| A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | ||||
| CVE-2019-19667 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 5.4 Medium |
| A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | ||||
| CVE-2019-19666 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 Medium |
| A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. | ||||
| CVE-2019-19665 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. | ||||
| CVE-2019-19664 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 7.1 High |
| A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. | ||||
| CVE-2019-19663 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. | ||||
| CVE-2019-19662 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. | ||||
| CVE-2019-19660 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html. | ||||
| CVE-2019-19659 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html. | ||||
| CVE-2019-19517 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-11-21 | 8.8 High |
| Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | ||||
| CVE-2019-19516 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 6.5 Medium |
| Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. | ||||
| CVE-2019-19469 | 1 Zmanda | 1 Amanda | 2024-11-21 | 8.8 High |
| In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. | ||||
| CVE-2019-19375 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 5.3 Medium |
| In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.) | ||||
| CVE-2019-19289 | 1 Siemens | 1 Xhq | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. | ||||
| CVE-2019-19109 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 8.8 High |
| The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | ||||
| CVE-2019-19025 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 8.8 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19013 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. | ||||