CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019(CSRF)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6294 352 CSRF 2019-01-15 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
2 CVE-2019-6249 352 CSRF 2019-01-13 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
3 CVE-2019-6244 Exec Code CSRF 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
4 CVE-2018-1000417 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.
5 CVE-2018-1000414 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
6 CVE-2018-1000411 CSRF 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
7 CVE-2018-20728 CSRF 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
8 CVE-2018-16887 Exec Code +Priv XSS CSRF 2019-01-12 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.
9 CVE-2016-10738 352 CSRF 2019-01-15 2019-01-18
6.8
None Remote Medium Not required Partial Partial Partial
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
Total number of vulnerabilities : 9   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.