CWE:
 

Topic
Date
Author
Low
MyBB Trash Bin 1.1.3 Cross Site Request Forgery / Cross Site Scripting
18.02.2019
0xB9
Low
LayerBB 1.1.2 Cross Site Request Forgery
15.02.2019
0xB9
Low
Jiofi 4 (JMR 1140) WiFi Password Cross Site Request Forgery
14.02.2019
Ronnie T Baby
Low
Jiofi 4 (JMR 1140) Admin Token Disclosure Cross Site Request Forgery
14.02.2019
Ronnie T Baby
Med.
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
06.02.2019
Yusuf Furkan
Med.
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
06.02.2019
Tim Coen
Med.
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
04.02.2019
LiquidWorm
Med.
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery
04.02.2019
Stefan Petrushevski
High
PDF Signer 3.0 Template Injection / CSRF / Code Execution
29.01.2019
dd_
Low
Zyxel NBG-418N V2 Cross Site Request Forgery
25.01.2019
Ali Can Gonullu
Low
PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery
23.01.2019
Kumar Saurav
Low
Hucart CMS 5.7.4 Cross Site Request Forgery
15.01.2019
AllenChen
Low
Live Call Support 1.5 Cross Site Request Forgery
15.01.2019
Ihsan Sencan
Low
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
10.01.2019
sajjadbnd
Med.
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
08.01.2019
Secator
Low
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
08.01.2019
Nathu Nandwani
Med.
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
08.01.2019
Daniel Jones
Low
phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting
08.01.2019
Ozer Goker
Low
Apache CouchDB 2.3.0 Cross Site Request Forgery
04.01.2019
Ozer Goker
Med.
WSTMart 2.0.8 Cross Site Request Forgery
25.12.2018
linfeng
Low
Hotel Booking Script 3.4 Cross Site Request Forgery
20.12.2018
Sainadh Jamalpur
Med.
Integria IMS 5.0.83 Cross Site Request Forgery
20.12.2018
Javier Olmedo
Med.
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal
18.12.2018
MustLive
Low
PHP Server Monitor 3.3.1 Cross Site Request Forgery
04.12.2018
Javier Olmedo
Low
Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery (Add Admin)
28.11.2018
LiquidWorm
Low
Ticketly 1.0 Cross Site Request Forgery
20.11.2018
Javier Olmedo
Med.
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
20.11.2018
LiquidWorm
Med.
Electricks eCommerce 1.0 Cross-Site Request Forgery (Change Admin Password)
14.11.2018
Nawaf Alkeraithe
High
Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload
14.11.2018
Ihsan Sencan
Low
ClipperCMS 1.3.3 Cross Site Request Forgery
14.11.2018
Ameer Pornillos
Low
Easyndexer 1.0 Cross Site Request Forgery
12.11.2018
Ihsan Sencan
Med.
OOP CMS BLOG 1.0 Cross Site Request Forgery
07.11.2018
Ihsan Sencan
Low
Card Payment 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Low
School Event Management System 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Low
School Attendance Monitoring System 1.0 Cross Site Request Forgery
30.10.2018
Ihsan Sencan
Med.
Aplaya Beach Resort Online Reservation System 1.0 CSRF / SQL Injection
30.10.2018
Ihsan Sencan
Med.
Traq 3.7.1 CSRF / XSS / SQL Injection
23.10.2018
Matt Landers
Low
PHP-SHOP Master 1.0 Cross Site Request Forgery
19.10.2018
Alireza Norkazemi
Med.
Academic Timetable Final Build 7.0b Cross Site Request Forgery
16.10.2018
Ihsan Sencan
Low
HaPe PKH 1.1 Cross Site Request Forgery
13.10.2018
Ihsan Sencan
Low
Cockpit CMS CSRF / XSS / Path Traversal
13.10.2018
Simon Uvarov
Med.
NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass
11.10.2018
Patrick Costa
Med.
matri4web v 9.04 CSRF Vulnerability
28.09.2018
indoushka
Low
Admidio 3.3.5 Cross-Site Request Forgery (Change Permissions)
04.09.2018
Nawaf Alkeraithe
Med.
phpMyAdmin 4.7.x Cross-Site Request Forgery
29.08.2018
VulnSpy
Low
Gleez CMS 1.2.0 Cross Site Request Forgery
28.08.2018
GunEggWang
Med.
RICOH MP C4504ex Printer Cross-Site Request Forgery
27.08.2018
Ismail Tasdelen
Med.
Vox TG790 ADSL Router Cross-Site Request Forgery (Add Admin)
24.08.2018
Cakes
Low
MyBB Moderator Log Notes Plugin 1.1 Cross-Site Request Forgery
20.08.2018
0xB9
Med.
Pimcore 5.2.3 SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
16.08.2018
SEC Consult
Low
TP-Link C50 Wireless Router 3 Information Disclosure Cross Site Request Forgery
10.08.2018
Wadeek
Low
TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery
10.08.2018
Wadeek
Low
onArcade 2.4.2 Cross Site Request Forgery
07.08.2018
r3m0t3nu11
Low
WityCMS 0.6.2 Cross Site Request Forgery
03.08.2018
Porhai Eung
Low
Tenda Wireless N150 Router 5.07.50 Cross Site Request Forgery
25.07.2018
Nathu Nandwani
Low
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway CSRF
17.07.2018
LiquidWorm
Low
Advanced Fertility & Genetics Centre LLC. by Nanobird Technologies CSRF Vulnerability
06.07.2018
indoushka
Low
DAMICMS 6.0.0 Cross Site Request Forgery
02.07.2018
bay0net
Low
TP-Link TL-WR841N V13 Cross Site Request Forgery
29.06.2018
Tim Coen
Low
BEESCMS 4.0 Cross Site Request Forgery
29.06.2018
bay0net
Low
NewsBee CMS 1.4 CSRF Vulnerability
28.06.2018
indoushka
Low
AsusWRT RT-AC750GF Cross Site Request Forgery
26.06.2018
Wadeek
Low
Ecessa ShieldLink SL175EHQ 10.7.4 CSRF Add Superuser Exploit
25.06.2018
LiquidWorm
Low
Ecessa WANWorx WVR-30 10.7.4 CSRF Add Superuser Exploit
25.06.2018
LiquidWorm
Med.
LFCMS 3.7.0 Cross Site Request Forgery
22.06.2018
bay0net
Med.
Joomla! Component Jomres 9.11.2 Cross-Site Request Forgery (Add User)
20.06.2018
L0RD
Med.
RabbitMQ Web Management Cross Site Request Forgery
18.06.2018
Dolev Farhi
Med.
Joomla Jomres 9.11.2 Cross Site Request Forgery
18.06.2018
Borna Nematzadeh
Low
MACCMS 10 Cross Site Request Forgery
14.06.2018
bay0net
Low
WordPress Tooltipy 5.0 Cross Site Request Forgery
13.06.2018
Tom Adams
Med.
Jenkins Mailer Cross Site Request Forgery
06.06.2018
Kl3_GMjq6
Low
GreenCMS 2.3.0603 Cross Site Request Forgery
04.06.2018
xichao
High
JDA Connect CSRF / Command Execution / Exposed JMX Service
31.05.2018
Xiaoran Wang
Low
SearchBlox 8.6.6 Cross-Site Request Forgery
30.05.2018
Ahmet Gurel
Low
Joomla! Component jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
30.05.2018
L0RD
Low
EasyService Billing 1.0 Cross-Site Request Forgery
29.05.2018
Divya Jain
Med.
Sharetronix CMS 3.6.2 Cross-Site Request Forgery / Cross-Site Scripting
28.05.2018
Hesam Bazvand
High
WordPress Peugeot Music 1.0 Shell Upload / Cross Site Request Forgery
25.05.2018
Mr.7z
Low
Timber 1.1 Cross Site Request Forgery
25.05.2018
Borna Nematzadeh
Low
Mcard Mobile Card Selling Platform 1 Cross Site Request Forgery
25.05.2018
Borna Nematzadeh
Med.
Teradek VidiU Pro 3.0.3 Change Password Cross Site Request Forgery
22.05.2018
LiquidWorm
Low
Merge PACS 7.0 Cross Site Request Forgery
22.05.2018
Safak Aslan
Med.
Auto Dealership And Vehicle Showroom WebSys 1.0 XSS / CSRF / SQL Injection
22.05.2018
Borna Nematzadeh
Med.
Model Agency Media House And Media Gallery 1.0 XSS / CSRF / SQL Injection
22.05.2018
Borna Nematzadeh
Low
Infinity Market Classified Ads Script 1.6.2 Cross-Site Request Forgery
21.05.2018
L0RD
Low
Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting
19.05.2018
Borna Nematzadeh
Low
Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting
19.05.2018
t4rkd3vilz
Low
Healwire Online Pharmacy 3.0 Persistent Cross-Site Scripting / Cross-Site Request Forgery
18.05.2018
L0RD
Med.
SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection
18.05.2018
Borna Nematzadeh
Low
Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery
18.05.2018
t4rkd3vilz
Med.
NodAPS 4.0 SQL injection / Cross-Site Request Forgery
18.05.2018
L0RD
Low
MyBB Admin Notes 1.1 Cross Site Request Forgery
17.05.2018
0xB9
Low
Horse Market Sell And Rent Portal Script 1.5.7 CSRF
17.05.2018
L0RD
Low
Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery
16.05.2018
Nicolas Heiniger
Low
Metronet Tag Manager 1.2.7 Cross Site Request Forgery
16.05.2018
Tom Adams
Med.
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
15.05.2018
Jan Bee
Low
WordPress WP User Groups 2.0.0 Cross Site Request Forgery
12.05.2018
Tom Adams
Low
Fastweb FASTGate 0.00.47 Cross Site Request Forgery
10.05.2018
Raffaele Sabato
Low
phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting
10.05.2018
Codex Lynx
Low
Easy Hosting Control Panel 0.37.12.b Cross Site Request Forgery
09.05.2018
hyp3rlinx


CVEMAP Search Results

CVE
Details
Description
2019-02-18
Medium
CVE-2019-8902

Vendor: Idreamsoft
Software: ICMS
 

 
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

 
Medium
CVE-2019-8910

Vendor: Wtcms project
Software: Wtcms
 

 
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

 
2019-02-15
Medium
CVE-2019-8347

Vendor: Beescms
Software: Beescms
 

 
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.

 
2019-02-11
Medium
CVE-2019-7730

Vendor: Mywebsql
Software: Mywebsql
 

 
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

 
Medium
CVE-2019-7737

Vendor: Verydows
Software: Verydows
 

 
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.

 
Medium
CVE-2019-7738

Updating...
 

 
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.

 
2019-02-10
Medium
CVE-2018-20780

Vendor: TRAQ
Software: TRAQ
 

 
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).

 
2019-02-07
Medium
CVE-2019-7566

Vendor: Cszcms
Software: Csz cms
 

 
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.

 
Medium
CVE-2019-7569

Vendor: Wdoyo
Software: DOYO
 

 
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.

 
Medium
CVE-2019-7570

Vendor: Pbootcms
Software: Pbootcms
 

 
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top