Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7067 | 1 Mmonit | 1 Monit | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. | |||||
| CVE-2016-6806 | 1 Apache | 1 Wicket | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed. | |||||
| CVE-2016-5758 | 1 Netiq | 1 Access Manager | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | |||||
| CVE-2016-4469 | 1 Apache | 1 Archiva | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action. | |||||
| CVE-2016-1607 | 1 Novell | 1 Filr | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. | |||||
| CVE-2014-5280 | 1 Boot2docker | 1 Boot2docker | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. | |||||
| CVE-2014-0594 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | |||||
| CVE-2013-5977 | 1 Cart66 | 1 Cart66 Lite Plugin | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php. | |||||
| CVE-2013-3253 | 2 Wordpress, Xhanch | 2 Wordpress, My Twitter | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. | |||||
| CVE-2011-5226 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | |||||
| CVE-2011-4298 | 1 Moodle | 1 Moodle | 2023-11-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | |||||
| CVE-2011-4281 | 1 Moodle | 1 Moodle | 2023-11-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course. | |||||
| CVE-2011-4133 | 1 Moodle | 1 Moodle | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | |||||
| CVE-2011-3381 | 1 Phorum | 1 Phorum | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-2085 | 1 Bestpractical | 1 Rt | 2023-11-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2011-1482 | 1 Phpnuke | 1 Php-nuke | 2023-11-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison. | |||||
| CVE-2010-3449 | 2 Apache, Jesse Mcconnell | 2 Archiva, Redback | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | |||||
| CVE-2008-6048 | 1 Tangocms | 1 Tangocms | 2023-11-07 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2023-11-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | |||||
| CVE-2008-2071 | 1 Cpanel | 1 Cpanel | 2023-11-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. | |||||
