Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3347 | 1 Cloudwords | 1 Cloudwords For Multilingual | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback. | |||||
| CVE-2015-3343 | 1 Opac Project | 1 Opac | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors. | |||||
| CVE-2016-2963 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-8152 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 8.5 HIGH | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | |||||
| CVE-2015-3141 | 1 Synametrics | 1 Xeams | 2016-12-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration. | |||||
| CVE-2015-2954 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2861 | 1 Vestacp | 1 Vesta Control Panel | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2852 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2016-12-03 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-2759 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | |||||
| CVE-2015-2701 | 1 Cs-cart | 1 Cs-cart | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. | |||||
| CVE-2015-2680 | 1 Metalgenix | 1 Genixcms | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. | |||||
| CVE-2015-2676 | 1 Asus | 2 Rt-g32, Rt-g32 Firmware | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||
| CVE-2015-2334 | 1 Mybb | 1 Mybb | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-8504 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | |||||
| CVE-2016-2884 | 1 Ibm | 1 Forms Experience Builder | 2016-12-01 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-3004 | 1 Ibm | 1 Connections | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | |||||
| CVE-2016-3009 | 1 Ibm | 1 Connections | 2016-11-30 | 3.5 LOW | 3.5 LOW |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page. | |||||
| CVE-2016-2285 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2089 | 1 Crossslide Jquery Project | 1 Crossslide Jquery | 2016-11-30 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php. | |||||
| CVE-2015-2084 | 1 Cybernetikz | 1 Easy Social Icons | 2016-11-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php. | |||||