Search results mapped to CWE-352 (1428)

CVE-2018-9108 (Published: 2018-03-28 00:29:00) NM
CVSS 6.8

[Original] CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.

CVE-2018-9092 (Published: 2018-03-27 18:29:00) NMP
CVSS 6.8

[Original] There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.

CVE-2018-7700 (Published: 2018-03-27 14:29:00) NM
CVSS 6.8

[Original] DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.

CVE-2018-8718 (Published: 2018-03-27 12:29:00) NMPS
CVSS 6.0

[Original] Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

CVE-2018-8764 (Published: 2018-03-27 12:29:00) NMP
CVSS 6.8

[Original] Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

CVE-2018-1213 (Published: 2018-03-26 14:29:01) NMPS
CVSS 6.8

[Original] Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
