映射到 CWE-352 的搜索结果 (1315)

CVE-2014-8900(发布:2017-08-28 11:29:00)NMC
CVSS6.8

[CNNVD]IBM UrbanCode Release 跨站请求伪造漏洞--IBM UrbanCode Release(UCR)是美国IBM公司的一套用于管理多个相关应用发行及其部署的协作发行软件平台。该平台支持在生命周期模型的每个阶段规划、执行和追踪软件的发行。 IBM UCR中存在跨站请求伪造漏洞,该漏洞源于程序没有正确验证HTTP请求。远程攻击者可...

CVE-2017-7926(发布:2017-08-25 15:29:00)NMS
CVSS6.8

[原文]A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.

CVE-2015-5258(发布:2017-08-22 14:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

CVE-2017-7557(发布:2017-08-22 10:29:00)NMS
CVSS6.8

[原文]dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.

CVE-2017-7423(发布:2017-08-21 11:29:00)NM
CVSS6.8

[原文]A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.

CVE-2017-5187(发布:2017-08-21 11:29:00)NM
CVSS6.8

[原文]A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

首页上一页4567891011下一页尾页 第6页 / 共220页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站