Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-15046: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

CVE
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#redis#js#git#java#oracle
CVE-2019-14683: Import and export users and customers

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CVE-2019-1958: Cisco Security Advisory: Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

CVE-2019-10376: Jenkins Security Advisory 2019-08-07

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

CVE-2019-10372: Jenkins Security Advisory 2019-08-07

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.

CVE-2019-10374: Jenkins Security Advisory 2019-08-07

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.