Export limit exceeded: 10305 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10305 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | ||||
| CVE-2016-2965 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | ||||
| CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | ||||
| CVE-2014-6106 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | ||||
| CVE-2017-7926 | 1 Osisoft | 1 Pi Web Api | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | ||||
| CVE-2016-7507 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | ||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | ||||
| CVE-2017-1000090 | 1 Jenkins | 1 Role-based Authorization Strategy | 2025-04-20 | N/A |
| Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. | ||||
| CVE-2016-9730 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | N/A |
| IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549. | ||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | ||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2025-04-20 | N/A |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | ||||
| CVE-2015-7293 | 2 Plone, Zope | 2 Plone, Zope Management Interface | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | ||||
| CVE-2015-7715 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. | ||||
| CVE-2017-12973 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2025-04-20 | N/A |
| Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | ||||
| CVE-2017-16853 | 2 Debian, Shibboleth | 2 Debian Linux, Opensaml | 2025-04-20 | N/A |
| The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2015-8624 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. | ||||
| CVE-2017-4961 | 1 Cloud Foundry | 1 Bosh | 2025-04-20 | N/A |
| An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities." | ||||
| CVE-2017-9517 | 1 Atmail | 1 Atmail | 2025-04-20 | N/A |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | ||||
| CVE-2017-3877 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). | ||||