Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0524 | 1 Yamaha | 18 Rt107e, Rt52pro, Rt56v and 15 more | 2017-08-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. | |||||
| CVE-2008-0336 | 1 Bugtracker.net | 1 Bugtracker.net | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. | |||||
| CVE-2008-0272 | 1 Drupal | 1 Drupal | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | |||||
| CVE-2008-0271 | 1 Drupal | 1 Bueditor | 2017-08-08 | 4.3 MEDIUM | N/A |
| The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | |||||
| CVE-2008-0165 | 1 Ikiwiki | 1 Ikiwiki | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | |||||
| CVE-2017-1000008 | 1 Chyrp-lite Project | 1 Chyrp Lite | 2017-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | |||||
| CVE-2017-11646 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device. | |||||
| CVE-2017-11726 | 1 Connectwise | 1 Manage | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. | |||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | |||||
| CVE-2017-11679 | 1 Hashtopus Project | 1 Hashtopus | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | |||||
| CVE-2016-9716 | 1 Ibm | 1 Infosphere Master Data Management Server | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | |||||
| CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2017-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | |||||
| CVE-2017-11680 | 1 Project Hashtopussy | 1 Hashtopussy | 2017-08-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | |||||
| CVE-2016-6427 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. | |||||
| CVE-2016-6417 | 1 Cisco | 1 Firesight System Software | 2017-07-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. | |||||
| CVE-2016-7123 | 1 Gnu | 1 Mailman | 2017-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2016-6442 | 1 Cisco | 1 Finesse | 2017-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). | |||||
| CVE-2007-5799 | 1 Ibm | 1 Websphere Application Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | |||||
| CVE-2007-5575 | 1 Treble Designs | 1 1024 Cms | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5251 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp. | |||||