Export limit exceeded: 10723 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10305 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10305 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5937 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2017-7431 | 2 Netiq, Novell | 2 Imanager, Imanager | 2025-04-20 | N/A |
| Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | ||||
| CVE-2017-17939 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | N/A |
| PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | ||||
| CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | N/A |
| Vanguard Marketplace Digital Products PHP has CSRF via /search. | ||||
| CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | ||||
| CVE-2017-7556 | 1 Hawt | 1 Hawtio | 2025-04-20 | N/A |
| Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user. | ||||
| CVE-2017-1000147 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account. | ||||
| CVE-2017-5657 | 1 Apache | 1 Archiva | 2025-04-20 | N/A |
| Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights). | ||||
| CVE-2017-17056 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | N/A |
| The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. | ||||
| CVE-2017-7571 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2025-04-20 | 8.0 High |
| public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | ||||
| CVE-2016-3029 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | N/A |
| IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2017-7877 | 1 Flatcore | 1 Flatcore-cms | 2025-04-20 | N/A |
| CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | ||||
| CVE-2017-12651 | 1 Loginizer | 1 Loginizer | 2025-04-20 | N/A |
| Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. | ||||
| CVE-2016-4504 | 1 Meteocontrol | 1 Weblog | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | ||||
| CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | ||||
| CVE-2017-12973 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2025-04-20 | N/A |
| Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | ||||
| CVE-2017-16853 | 2 Debian, Shibboleth | 2 Debian Linux, Opensaml | 2025-04-20 | N/A |
| The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. | ||||
| CVE-2017-7990 | 1 Openmrs | 1 Openmrs Module Reporting | 2025-04-20 | N/A |
| The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | ||||
| CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2025-04-20 | N/A |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. | ||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | ||||