Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2017-08-17 | 4.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | |||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2008-6331 | 1 Streber-pm | 1 Streber | 2017-08-17 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2008-6239 | 1 Openedit | 1 Openedit Digital Asset Management | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors. | |||||
| CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | |||||
| CVE-2017-7447 | 1 Helpdezk | 1 Helpdezk | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | |||||
| CVE-2017-7446 | 1 Helpdezk | 1 Helpdezk | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | |||||
| CVE-2017-6086 | 1 Vimbadmin | 1 Vimbadmin | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | |||||
| CVE-2017-0045 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2017-08-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability." | |||||
| CVE-2016-6277 | 1 Netgear | 22 D6220, D6220 Firmware, D6400 and 19 more | 2017-08-16 | 9.3 HIGH | 8.8 HIGH |
| NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | |||||
| CVE-2017-12651 | 1 Loginizer | 1 Loginizer | 2017-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. | |||||
| CVE-2017-10677 | 1 Linksys | 2 Ea4500, Ea4500 Firmware | 2017-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | |||||
| CVE-2017-8836 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface. | |||||
| CVE-2016-6893 | 1 Gnu | 1 Mailman | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | |||||
| CVE-2016-1470 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | |||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2017-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-9490 | 3 Arris, Cisco, Commscope | 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | |||||
| CVE-2009-0408 | 1 Oscommerce | 1 Oscommerce | 2017-08-08 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2009-0112 | 1 Expinion | 1 Poll Pro | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | |||||
| CVE-2008-5758 | 1 Phparanoid | 1 Phparanoid | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | |||||