| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-17369 |
1 Otcms |
1 Otcms |
2019-10-16 |
4.3 |
| OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. |
| CVE-2019-17600 |
1 Intelbras |
1 Iwr 1000n Firmware |
2019-10-15 |
10.0 |
| Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrator login name and password because v1/system/user is mishandled. |
| CVE-2019-11077 |
1 Fastadmin |
1 Fastadmin |
2019-10-15 |
6.8 |
| FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. |
| CVE-2019-13529 |
1 Sma |
1 Sunny Webbox Firmware |
2019-10-15 |
6.8 |
| An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to... |
| CVE-2019-17432 |
1 Fastadmin |
1 Fastadmin |
2019-10-15 |
4.3 |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. |
| CVE-2019-17386 |
1 Eleopard |
1 Animate It%21 |
2019-10-15 |
6.8 |
| The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. |
| CVE-2016-10874 |
1 Wpseeds |
1 Wp Database Backup |
2019-10-12 |
6.8 |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. |
| CVE-2019-17431 |
1 Fastadmin |
1 Fastadmin |
2019-10-11 |
6.8 |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. |
| CVE-2015-9455 |
|
|
2019-10-10 |
7.8 |
| The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. |
| CVE-2019-17217 |
|
|
2019-10-10 |
6.8 |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. |
| CVE-2008-6586 |
1 Utorrent |
1 Utorrent Webui |
2019-10-10 |
6.8 |
| Cross-site request forgery (CSRF) vulnerability in gui/index.php in ?Torrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url... |
| CVE-2019-9883 |
|
|
2019-10-09 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via... |
| CVE-2019-9882 |
|
|
2019-10-09 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via... |
| CVE-2019-8991 |
1 Tibco |
5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more |
2019-10-09 |
6.8 |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid,... |
| CVE-2019-6561 |
1 Moxa |
4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more |
2019-10-09 |
6.8 |
| Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. |
| CVE-2019-6166 |
|
|
2019-10-09 |
6.8 |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. |
| CVE-2019-5630 |
1 Rapid7 |
1 Nexpose |
2019-10-09 |
6.8 |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a... |
| CVE-2019-5430 |
1 Ui |
1 Unifi Video |
2019-10-09 |
6.8 |
| In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on... |
| CVE-2019-4515 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
4.3 |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. |
| CVE-2019-4212 |
1 Ibm |
1 Qradar Security Information And Event Manager |
2019-10-09 |
6.8 |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. |
