Tag

#csrf

CVE-2020-10478: Home

CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.

CVE-2020-10479: Home

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

CVE-2020-10481: Home

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.

CVE-2020-10480: Home

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.

CVE-2020-2137: Jenkins Security Advisory 2020-03-09

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

CVE-2020-2159: Jenkins Security Advisory 2020-03-09

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.

CVE-2020-9458: Multiple Vulnerabilities Patched in RegistrationMagic Plugin

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.

CVE-2020-9374: Hack ‘N’ Routers - Common vulnerabilities in home routers - [PT-BR]

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE-2020-9369: [SA 2020-001] Security flaws in CSRF prevension, CVE-2020-9369 · Issue #886 · sympa-community/sympa

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

CVE-2020-8813: Releases · Cacti/cacti

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.