137 matches found
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-3083
CVE-2024-3083 corresponds to a CSRF vulnerability in Plug&Track Sensor Net Connect (V2). Affected component: Plug&Track Sensor Net Connect V2, version 2.24. Root cause: cross-site request forgery that can enable remote attackers to perform state-changing operations with administrative privileges ...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
PT-2024-24418 · Leadinfo · Leadinfo
Name of the Vulnerable Software and Affected Versions: Leadinfo versions 1.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This issue allows an attacker to perform unintended actions on a user's account. The estimated number of potentially affected devices...
Cross site request forgery (csrf)
A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application...
PT-2023-32740 · Efacec · Bcu 500 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF...
CVE-2023-38885
OpenSIS Classic Community Edition version 9.0 is described as lacking cross-site request forgery (CSRF) protection throughout the entire application. The vulnerability could allow an attacker to trick an authenticated user into performing any kind of state-changing request. The connected sources ...
Potential Race Condition in Rewards Calculation
Lines of code Vulnerability details Impact If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...
CVE-2023-43508
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to...
Authorization
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to...
CVE-2023-43508
Technical details (affected product versions, root cause, and fixes) are not publicly disclosed in the provided documents; monitor for updates from Aruba and related advisories.
[M-16] Reentrancy in the BaseBranchRouter contract
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...
Cross site request forgery (csrf)
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...
CVE-2022-30280
Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...
CVE-2023-25594
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to...
Design/Logic Flaw
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete...
PT-2023-13408 · Dell · Powerpath Management Appliance
Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance versions 3.0 through 3.3 Description: The issue allows an unauthenticated non-privileged user to potentially exploit the Cross-site Request Forgery vulnerability and perform any privileged state-changing actions...