Total: 5841 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1672 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | |||||
CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2018-01-11 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | |||||
CVE-2012-0453 | 1 Mozilla | 1 Bugzilla | 2018-01-11 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. | |||||
CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |||||
CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | |||||
CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
Vanguard Marketplace Digital Products PHP has CSRF via /search. | |||||
CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | |||||
CVE-2012-1843 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability." | |||||
CVE-2011-1397 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2017-17982 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.0 MEDIUM | 6.8 MEDIUM |
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | |||||
CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | |||||
CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | |||||
CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
Readymade Video Sharing Script has CSRF via user-profile-edit.php. | |||||
CVE-2017-17894 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
Readymade Job Site Script has CSRF via the /job URI. | |||||
CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 6.8 MEDIUM | 8.8 HIGH |
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |||||
CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | |||||
CVE-2017-1746 | 1 Ibm | 1 Jazz For Service Management | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. | |||||
CVE-2012-0235 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2018-01-04 | 6.8 MEDIUM | 8.8 HIGH |
admin/configuration.php in Piwigo 2.9.2 has CSRF. | |||||
CVE-2017-17827 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. |