映射到 CWE-352 的搜索结果 (1269)

CVE-2016-7809(发布:2017-06-09 12:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.

CVE-2016-4907(发布:2017-06-09 12:29:00)NMS
CVSS6.8

[原文]Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

CVE-2016-4909(发布:2017-06-09 12:29:00)NMS
CVSS4.3

[原文]Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

CVE-2016-9991(发布:2017-06-08 17:29:00)NMS
CVSS6.0

[原文]IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.

CVE-2015-1786(发布:2017-06-08 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

CVE-2017-8836(发布:2017-06-05 10:29:00)NMP
CVSS6.8

[原文]CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

首页上一页4567891011下一页尾页 第6页 / 共212页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站