Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0829 | 1 Mibew | 1 Mibew Messenger | 2017-08-29 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php. | |||||
| CVE-2012-0748 | 1 Ibm | 1 Rational Team Concert | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items. | |||||
| CVE-2012-0730 | 1 Ibm | 1 Rational Appscan | 2017-08-29 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2012-0714 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-0440 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. | |||||
| CVE-2011-5131 | 1 Mybb | 1 Mybb | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. | |||||
| CVE-2011-5068 | 1 Sitracker | 1 Support Incident Tracker | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs. | |||||
| CVE-2011-4947 | 1 E107 | 1 E107 | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter. | |||||
| CVE-2011-4005 | 1 Cisco | 8 Small Business Srp520 Series Firmware, Small Business Srp521w, Small Business Srp526w and 5 more | 2017-08-29 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. | |||||
| CVE-2011-3836 | 1 Wuzly | 1 Wuzly | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors. | |||||
| CVE-2011-2753 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. | |||||
| CVE-2010-5283 | 1 Opentext | 1 Livelink Ecm | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | |||||
| CVE-2010-5088 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087. | |||||
| CVE-2010-5085 | 1 Hulihanapplications | 1 Amethyst | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | |||||
| CVE-2017-12589 | 1 Tomaxcom | 4 R60g, R60g Firmware, R60gv2 and 1 more | 2017-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | |||||
| CVE-2017-12853 | 1 Rtsindia | 2 Rwr-3g-100, Rwr-3g-100 Firmware | 2017-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | |||||
| CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | |||||
| CVE-2017-12593 | 1 Asus | 2 Dsl-n10s Firmware, Dsl-n10s Router | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | |||||
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | |||||
| CVE-2015-5081 | 1 Django-cms | 1 Django Cms | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | |||||