Search Results (9372 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5789 1 Jantek 2 Jtc-200, Jtc-200 Firmware 2025-04-20 N/A
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CVE-2016-8718 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 8.8 High
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.
CVE-2017-5187 1 Microfocus 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more 2025-04-20 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
CVE-2017-5264 1 Rapid7 1 Nexpose 2025-04-20 N/A
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
CVE-2017-10677 1 Linksys 2 Ea4500, Ea4500 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP.
CVE-2017-1000069 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2025-04-20 N/A
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
CVE-2017-15732 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2014-8900 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
CVE-2016-9714 1 Ibm 1 Infosphere Master Data Management Server 2025-04-20 N/A
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.
CVE-2016-9218 1 Cisco 1 Hybrid Meeting Server 2025-04-20 N/A
A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0.
CVE-2017-16780 1 Mybb 1 Mybb 2025-04-20 N/A
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2012-4568 1 Letodms Project 1 Letodms 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2017-8152 1 Huawei 2 Honor 5s, Honor 5s Firmware 2025-04-20 N/A
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.
CVE-2017-8382 1 Admidio 1 Admidio 2025-04-20 N/A
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
CVE-2016-7904 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
CVE-2017-1000244 1 Jenkins 1 Favorite 2025-04-20 N/A
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
CVE-2017-7926 1 Osisoft 1 Pi Web Api 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.
CVE-2017-7571 1 Ladybirdweb 1 Faveo Helpdesk 2025-04-20 8.0 High
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2017-14048 1 Blackcat-cms 1 Blackcat Cms 2025-04-20 N/A
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.
CVE-2017-4928 1 Vmware 1 Vcenter Server 2025-04-20 N/A
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.