映射到 CWE-352 的搜索结果 (1407)

CVE-2018-7590(发布:2018-03-01 17:29:00)NM
CVSS6.8

[原文]CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.

CVE-2016-0295(发布:2018-02-28 12:29:00)NMS
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

CVE-2018-0520(发布:2018-02-23 10:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.

CVE-2018-0146(发布:2018-02-21 19:29:00)NMS
CVSS5.8

[原文]A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could exploit this vulnerability by persuading a user of the affected application to click a malicious link. A successful exploit could allow the attacker to submit arbitrary requests and take unauthorized actions on behalf of the user. Cisco Bug IDs: CSCvg45114.

CVE-2018-0148(发布:2018-02-21 19:29:00)NMS
CVSS6.8

[原文]A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.

CVE-2018-7308(发布:2018-02-21 16:29:00)NM
CVSS6.8

[原文]A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.

首页上一页56789101112下一页尾页 第7页 / 共235页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站