Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

Ivanti ADC 9.9 Authentication Bypass

Ivanti ADC version 9.9 suffers from an authentication bypass vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#web#linux#auth#docker
GHSA-w9pg-7c3h-fc8j: ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

### Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF) Affected products: * Icinga Web (>=2.12.0) * Icinga DB Web (>=1.0.0) * Icinga Notifications Web (>=0.1.0) * Icinga Web JIRA Integration (>=1.3.0) All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. ### Patches Version 0.10.1 will include a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

AccPack Cop 1.0 Cross Site Request Forgery

AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.

Johnson Controls exacqVision Web Service

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform state-changing operations with administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls exacqVision Web Service are affected: exacqVision Web Service: Versions 24.03 and prior 3.2 Vulnerability Overview 3.2.1 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352 In Johnson Controls exacqVision Web Service versions 24.03 and prior, an attacker may be able to perform state-changing operations with administrative privileges. CVE-2024-32863 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturi...

Aero CMS 0.0.1 Cross Site Request Forgery

Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.

Epson Expression Home XP255 20.08.FM10I8 Cross Site Request Forgery

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests do not require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user.