Search Results (9397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6127 1 Digisol 2 Dg-hr1400, Dg-hr1400 Firmware 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.
CVE-2015-8623 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
CVE-2016-4504 1 Meteocontrol 1 Weblog 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
CVE-2017-11196 1 Pulsesecure 1 Pulse Connect Secure 2025-04-20 N/A
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
CVE-2016-9455 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
CVE-2016-5372 1 Netapp 1 Snap Creator Framework 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVE-2016-5937 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 N/A
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2016-6045 1 Ibm 1 Tivoli Storage Manager 2025-04-20 N/A
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2017-1097 1 Ibm 1 Emptoris Strategic Supply Management 2025-04-20 N/A
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
CVE-2016-9127 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
CVE-2016-9456 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
CVE-2016-4907 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-4909 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
CVE-2017-12589 1 Tomaxcom 4 R60g, R60g Firmware, R60gv2 and 1 more 2025-04-20 N/A
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
CVE-2016-8737 1 Apache 1 Brooklyn 2025-04-20 N/A
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
CVE-2016-8718 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 8.8 High
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.
CVE-2016-5401 1 Redhat 2 Jboss Bpm Suite, Jboss Enterprise Brms Platform 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
CVE-2017-15296 1 Sap 1 Customer Relationship Management 2025-04-20 N/A
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
CVE-2017-9413 1 Subsonic 1 Subsonic 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
CVE-2017-15732 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.