Search results mapped to CWE-352 (1269)

CVE-2016-7507 (Published: 2017-07-19 09:29:00) NM
CVSS 6.0

[Original] Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.

CVE-2017-10961 (Published: 2017-07-18 10:29:00) N
CVSS 6.8

[Original] REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.

CVE-2017-1000069 (Published: 2017-07-17 09:18:18) N
CVSS 6.8

[Original] CSRF in Bitly oauth2_proxy 2.1 during authentication flow

CVE-2017-1000045 (Published: 2017-07-17 09:18:17) N
CVSS 6.8

[Original] Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking

CVE-2017-1000008 (Published: 2017-07-17 09:18:16) N
CVSS 6.8

[Original] Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

CVE-2017-11193 (Published: 2017-07-12 16:29:00) N
CVSS 6.8

[Original] Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
