Search
Total
3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3877 | 1 Cisco | 1 Unified Communications Manager | 2017-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). | |||||
| CVE-2017-1194 | 1 Ibm | 1 Websphere Application Server | 2017-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | |||||
| CVE-2005-3348 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 4.3 MEDIUM | N/A |
| HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | |||||
| CVE-2017-6659 | 1 Cisco | 1 Prime Collaboration Assurance | 2017-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. | |||||
| CVE-2017-6634 | 1 Cisco | 5 Ie-1000-4p2s-lm, Ie-1000-4t1t-lm, Ie-1000-6t2t-lm and 2 more | 2017-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811. | |||||
| CVE-2017-7620 | 1 Mantisbt | 1 Mantisbt | 2017-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. | |||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2017-07-07 | 6.8 MEDIUM | 8.8 HIGH |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | |||||
| CVE-2016-1000213 | 1 Ruckus | 1 Wireless H500 | 2017-07-07 | 6.8 MEDIUM | 8.8 HIGH |
| Ruckus Wireless H500 web management interface CSRF | |||||
| CVE-2017-10678 | 1 Piwigo | 1 Piwigo | 2017-07-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | |||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | |||||
| CVE-2017-10681 | 1 Piwigo | 1 Piwigo | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | |||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2017-07-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | |||||
| CVE-2016-9866 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2017-9673 | 1 Simplece | 1 Simplece | 2017-06-22 | 6.8 MEDIUM | 8.8 HIGH |
| In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. | |||||
| CVE-2016-7809 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2017-06-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | |||||
| CVE-2016-7822 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | |||||
| CVE-2015-1786 | 1 Zend | 1 Zend Framework | 2017-06-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | |||||
| CVE-2016-9991 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2017-06-14 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | |||||
| CVE-2017-9517 | 1 Atmail | 1 Atmail | 2017-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | |||||
| CVE-2017-9518 | 1 Atmail | 1 Atmail | 2017-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | |||||
| CVE-2017-9519 | 1 Atmail | 1 Atmail | 2017-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | |||||
| CVE-2016-4909 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | |||||
| CVE-2016-4907 | 1 Cybozu | 1 Garoon | 2017-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | |||||
| CVE-2017-9444 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-12 | 6.8 MEDIUM | 8.8 HIGH |
| BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI. | |||||
| CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||||
| CVE-2016-8941 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2017-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2017-9365 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | |||||
| CVE-2017-9379 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-06 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | |||||
| CVE-2017-8382 | 1 Admidio | 1 Admidio | 2017-06-05 | 3.5 LOW | 4.5 MEDIUM |
| admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. | |||||
| CVE-2016-4854 | 1 Nttdocomo | 2 L-04d, L-04d Firmware | 2017-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | |||||
| CVE-2016-4904 | 1 Wp-olivecart | 2 Olivecart, Olivecartpro | 2017-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | |||||
| CVE-2017-8930 | 1 Simpleinvoices | 1 Simple Invoices | 2017-05-25 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | |||||
| CVE-2016-7980 | 1 Spip | 1 Spip | 2017-05-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. | |||||
| CVE-2017-7491 | 1 Moodle | 1 Moodle | 2017-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | |||||
| CVE-2016-4891 | 1 Setucocms Project | 1 Setucocms | 2017-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | |||||
| CVE-2017-8875 | 1 Codection | 1 Clean Login | 2017-05-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | |||||
| CVE-2016-4886 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4885 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4884 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4887 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4882 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4881 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4878 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2016-4876 | 1 Basercms | 1 Basercms | 2017-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2017-5891 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2017-05-16 | 6.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | |||||
| CVE-2017-7431 | 2 Netiq, Novell | 2 Imanager, Imanager | 2017-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | |||||
| CVE-2016-5889 | 1 Ibm | 1 Interact | 2017-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. | |||||
| CVE-2017-2102 | 1 Ipa | 1 Appgoat | 2017-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-8100 | 1 Artistscope | 1 Copysafe Web Protection | 2017-05-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | |||||
| CVE-2017-8098 | 1 E107 | 1 E107 | 2017-04-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker. | |||||