31 matches found
Design/Logic Flaw
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Denial of Service Vulnerabilities
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a firewall and network security platform. Cisco...
Apache httpd mod_cache_socache Denial of Service (CVE-2018-1303)
A denial-of-service vulnerability exists in Apache httpd. The vulnerability is due to improper validation of the headers in HTTP requests...
OSIsoft PI Web API Cross-Site Request Forgery Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. A cross-site request forgery vulnerability exists in the OSIsoft PI Web API because the program fails to properly validate HTTP requests. An attacker could exploit the vulnerability to perform certain unauthorized actions and access th...
IBM Security Access Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-01308)
IBM Security Access Manager is a security access manager from IBM USA. IBM Security Access Manager suffers from an unspecified cross-site request forgery vulnerability that stems from a failure to adequately validate HTTP requests. An attacker could use this vulnerability to perform...
pfSense Firewall Cross-Site Request Forgery Vulnerability (CNVD-2016-02624)
pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. A cross-site request forgery vulnerability exists in pfSense. Due to insufficient script validation of HTTP requests, a remote attacker can spoof a logged-in administrator to access malicious w...
Multiple Cross-Site Request Forgery Vulnerabilities in Roundcube Webmail
Roundcube Webmail is a browser-based, multi-language IMAP client. Roundcube Webmail has multiple cross-site request forgery vulnerabilities because it fails to properly validate HTTP requests. An attacker could exploit these vulnerabilities to perform certain unauthorized actions and gain access ...
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...
CVE-2011-0696
Technical details about CVE-2011-0696 are not publicly provided in the supplied documents; no affected products, versions, exploits, or fixes are stated here. Monitor for updates.
iCat Carbo Server File Disclosure Vulnerability
iCat Electronic Commerce Suite is an application which enables a user to create and manage web-based catalogues. A remote user may retrieve known files on a target system running iCat Electronic Commerce Suite. The Carbo Server component of the Electronic Commerce Suite does not...