Total
7922 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-12970 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. | ||||
CVE-2016-4504 | 1 Meteocontrol | 1 Weblog | 2025-04-20 | N/A |
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | ||||
CVE-2017-5473 | 1 Ntop | 1 Ntopng | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. | ||||
CVE-2016-4879 | 1 Basercms | 2 Basercms, Mail | 2025-04-20 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
CVE-2014-9137 | 1 Huawei | 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more | 2025-04-20 | N/A |
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | ||||
CVE-2016-2539 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | ||||
CVE-2014-9136 | 1 Huawei | 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more | 2025-04-20 | N/A |
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | ||||
CVE-2016-3029 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | N/A |
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | ||||
CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | N/A |
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||||
CVE-2016-4311 | 1 Wso2 | 1 Identity Server | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. | ||||
CVE-2015-2878 | 1 Watchguard | 1 Hawkeye G | 2025-04-20 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | ||||
CVE-2016-6806 | 1 Apache | 1 Wicket | 2025-04-20 | N/A |
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed. | ||||
CVE-2015-5395 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2025-04-20 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | ||||
CVE-2016-7904 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | ||||
CVE-2015-5081 | 1 Django-cms | 1 Django Cms | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | ||||
CVE-2016-5372 | 1 Netapp | 1 Snap Creator Framework | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | ||||
CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | ||||
CVE-2016-4909 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | ||||
CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | N/A |
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. |