Search results mapped to CWE-352 (1322)

CVE-2014-0120 (Published: 2017-12-29 17:29:00) NM
CVSS 6.8

[Original] Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

CVE-2017-5263 (Published: 2017-12-20 17:29:00) NM
CVSS 5.4

[Original] Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

CVE-2017-1746 (Published: 2017-12-20 13:29:01) NMS
CVSS 6.8

[Original] IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

CVE-2017-1631 (Published: 2017-12-20 13:29:01) NMS
CVSS 6.8

[Original] IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.

CVE-2017-5264 (Published: 2017-12-14 16:29:00) NMS
CVSS 6.8

[Original] Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

CVE-2017-8138 (Published: 2017-11-22 14:29:02) NM
CVSS 6.8

[Original] HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
