Search results mapped to CWE-352 (1430)

CVE-2018-8764 (Published: 2018-03-27 12:29:00) NMP
CVSS 6.8

[Original] Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

CVE-2018-1213 (Published: 2018-03-26 14:29:01) NMPS
CVSS 6.8

[Original] Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

CVE-2018-8817 (Published: 2018-03-25 15:29:00) NMP
CVSS 6.8

[Original] Wampserver before 3.1.3 has CSRF in add_vhost.php.

CVE-2018-8979 (Published: 2018-03-25 15:29:00) NMP
CVSS 6.8

[Original] Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.

CVE-2018-8972 (Published: 2018-03-24 18:29:00) NM
CVSS 6.8

[Original] Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.

CVE-2018-7524 (Published: 2018-03-22 14:29:01) NM
CVSS 6.8

[Original] A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.
