Cross-site Request Forgery (CSRF)
alextselegidis/easyappointments is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to CSRF protection being enforced only for POST requests while state-changing actions accept GET parameters, which allows an attacker to perform unauthorized administrative actions through...
CVE-2023-37995
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect Protect your blog posts plugin = 3.1.0 versions...
Design/Logic Flaw
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files...
CVE-2009-5117
The CVE-2009-5117 entry concerns McAfee Host Data Loss Prevention (DLP) with its Web Post Protection feature. Versions 3.x prior to 3.0.100.10 and 9.x prior to 9.0.0.422, when HTTP Capture mode is enabled, may let local users obtain sensitive information from web traffic by reading unspecified fi...
CVE-2009-5117
The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files...
Invoker servlets authentication bypass (HTTP verb tampering)
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...