Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2020-9369: [SA 2020-001] Security flaws in CSRF prevension, CVE-2020-9369 · Issue #886 · sympa-community/sympa

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

CVE
#csrf#dos#git
CVE-2020-8813: Releases · Cacti/cacti

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

CVE-2020-2118: Jenkins Security Advisory 2020-02-12

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CVE-2020-2117: Jenkins Security Advisory 2020-02-12

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2019-20098: Atlassian Jira Multiple CSRF

The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

CVE-2019-20099: [JRASERVER-70606] CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

CVE-2019-20401: [JRASERVER-70406] Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

CVE-2013-7053

D-Link DIR-100 4.03B07: cli.cgi CSRF

CVE-2013-7051: Offensive Security’s Exploit Database Archive

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CVE-2019-7654: Disclosures/CVE-2019-7654-CSRF-Wowza at master · DrunkenShells/Disclosures

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.