Microsoft Exchange Server has a flaw in the HasValidCanary function of the Canary15 class. The issue results in insecure generation of cross site request forgery tokens, which can be used to install Office add-ins. An attacker can leverage this vulnerability to escalate privileges to an administrative account.
81b28382748f4fe34c5a25dbf5cda8e9
Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.
a8e80747410cdf24bd08eed09d1cb041
Backdoor.Win32.Agent.aak malware suffers from code execution and cross site request forgery vulnerabilities.
3709fd6065b0c25e41efd07763d6e07d
Unibox version 2.4 suffers from remote code execution and cross site request forgery vulnerabilities.
0d9c1908b02b93829d56268f4e5a5330
Various Unibox products suffer from a cross site request forgery vulnerability.
f4a13dbef7fa744bc2d7fb564747eaea
Pixelimity version 1.0 suffers from a cross site request forgery vulnerability.
9703bfe3f4d733d4fa66e4bc6ad6e779
bloofoxCMS version 0.5.2.1 suffers from a cross site request forgery vulnerability.
01f0ae89aa79bdcb7db265f8a62f6725
STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
9d1413e4356b04442edd4cf4047a66f3
MyBB Timeline plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
07af945c1ca865c50d8bff5444d26630
Selea Targa IP OCR-ANPR Camera suffers from a cross site request forgery vulnerability that allows for adding an administrator. Multiple versions and firmwares are affected.
be38ae0d2e3c159a66288558c320fb05
Anchor CMS version 0.12.7 suffers from a cross site request forgery vulnerability.
531e88f62d5b3b0859e9fbe1287e363c
Online Hotel Reservation System version 1.0 suffers from a cross site request forgery vulnerability.
fb9e7a0cd6253ffe05b2cf9641cb64f7
PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
a76b7516f7ee7034ed0e11633425eb87
Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.
aa2d5c40642dad8f8d6fe9a2f9666788
OpenCart version 3.0.36 account takeover cross site request forgery exploit.
4799d11fbee89c9aa753825d8fac8753
Advanced Webhost Billing System version 3.7.0 suffers from a cross site request forgery vulnerability.
322e1cc37285fbfcaf5ed1c2abb3cf49
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffer from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.
0011367f30c2126b8da594f31400e629
Rukovoditel version 2.6.1 suffers from a cross site request forgery vulnerability.
4b64683a6cbbdaf080d796bd5839739e
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
4ef799a57a5bebf1c7686ee9e8bb591b
OpenCart version 3.0.3.6 suffers from a cross site request forgery vulnerability.
653b511525bcf3f512b9490ff9ce885f
EgavilanMedia User Registration and Login System with Admin Panel version 1.0 suffers from a cross site request forgery vulnerability.
2f6b32d07f651352b576dd97c5209593
TypeSetter version 5.1 suffers from a cross site request forgery vulnerability.
b67e8396e549f39a1f6d2f1fe8eb968a
ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.
b293a0edbfa49250febb13cbf573bd9b
Customer Support System version 1.0 suffers from a cross site request forgery vulnerability.
7cb61348999bd582e9317e96cda8d769
Genexis Platinum-4410 version P4410-V2-1.28 suffers from missing access control and cross site request forgery vulnerabilities.
19dd7cfa841cbf52a780424e364979a9