Export limit exceeded: 341187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13920 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-13611 | 1 Python-engineio Project | 1 Python-engineio | 2024-11-21 | N/A |
| An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | ||||
| CVE-2019-13594 | 1 Mirumee | 1 Saleor | 2024-11-21 | N/A |
| In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | ||||
| CVE-2019-13563 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | ||||
| CVE-2019-13529 | 1 Sma | 2 Sunny Webbox, Sunny Webbox Firmware | 2024-11-21 | 8.8 High |
| An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. | ||||
| CVE-2019-13516 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 8.8 High |
| In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | ||||
| CVE-2019-13497 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 6.5 Medium |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | ||||
| CVE-2019-13496 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 8.1 High |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | ||||
| CVE-2019-13477 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | ||||
| CVE-2019-13401 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-11-21 | N/A |
| Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | ||||
| CVE-2019-13395 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2024-11-21 | 8.8 High |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. | ||||
| CVE-2019-13376 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 6.5 Medium |
| phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS | ||||
| CVE-2019-13370 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 8.8 High |
| index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. | ||||
| CVE-2019-13364 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.6 Critical |
| admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | ||||
| CVE-2019-13363 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.6 Critical |
| admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | ||||
| CVE-2019-13322 | 1 Mi | 1 Mi Browser | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483. | ||||
| CVE-2019-13199 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 6.5 Medium |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | ||||
| CVE-2019-13183 | 1 Flarum | 1 Flarum | 2024-11-21 | N/A |
| Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. | ||||
| CVE-2019-13170 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 6.5 Medium |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | ||||
| CVE-2019-13071 | 1 Cyberpowersystems | 1 Powerpanel | 2024-11-21 | N/A |
| CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page. | ||||