Total
7863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12659 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | |||||
| CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | |||||
| CVE-2018-12603 | 1 Lfdycms | 1 Lfcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | |||||
| CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | |||||
| CVE-2018-12583 | 1 Akcms Project | 1 Akcms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | |||||
| CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | |||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
| CVE-2018-12540 | 1 Eclipse | 1 Vert.x | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. | |||||
| CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
| CVE-2018-12456 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | |||||
| CVE-2018-12416 | 1 Tibco | 1 Datasynapse Gridserver Manager | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0. | |||||
| CVE-2018-12415 | 1 Tibco | 1 Enterprise Message Service | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below. | |||||
| CVE-2018-12414 | 1 Tibco | 5 Rendezvous, Rendezvous For Z\/linux, Rendezvous For Z\/os and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. | |||||
| CVE-2018-12413 | 1 Tibco | 1 Messaging - Apache Kafka Distribution - Schema Repository | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0. | |||||
| CVE-2018-12412 | 1 Tibco | 1 Ftl | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0. | |||||
| CVE-2018-12411 | 1 Tibco | 1 Activespaces | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. | |||||
| CVE-2018-12370 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61. | |||||
| CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-12354 | 1 Knowage-suite | 1 Knowage | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | |||||
| CVE-2018-12114 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | |||||