Total: 7694 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | ||||
CVE-2018-13398 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2018-13394 | 1 Atlassian | 1 Questions For Confluence | 2024-11-21 | N/A |
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2018-13393 | 1 Atlassian | 1 Questions For Confluence | 2024-11-21 | N/A |
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2018-13340 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | N/A |
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | ||||
CVE-2018-13067 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A |
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | ||||
CVE-2018-13040 | 1 Opendesa | 1 Opensid | 2024-11-21 | N/A |
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. | ||||
CVE-2018-13032 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2024-11-21 | N/A |
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | ||||
CVE-2018-13031 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | ||||
CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2024-11-21 | N/A |
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | ||||
CVE-2018-12971 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | ||||
CVE-2018-12739 | 1 Beescms | 1 Beescms | 2024-11-21 | N/A |
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | ||||
CVE-2018-12659 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | N/A |
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | ||||
CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | ||||
CVE-2018-12603 | 1 Lfdycms | 1 Lfcms | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | ||||
CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2024-11-21 | N/A |
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | ||||
CVE-2018-12583 | 1 Akcms Project | 1 Akcms | 2024-11-21 | N/A |
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | ||||
CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2024-11-21 | N/A |
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | ||||
CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | ||||
CVE-2018-12540 | 2 Eclipse, Redhat | 2 Vert.x, Openshift Application Runtimes | 2024-11-21 | N/A |
In versions from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. |