Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7281 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2016-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-5508 | 1 The Extensible Catalog Drupal Toolkit Project | 1 The Extensible Catalog Drupal Toolkit | 2016-11-28 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. | |||||
| CVE-2015-4530 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2016-11-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. | |||||
| CVE-2013-3472 | 1 Cisco | 1 Unified Communications Manager | 2016-11-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | |||||
| CVE-2016-6801 | 2 Apache, Debian | 2 Jackrabbit, Debian Linux | 2016-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | |||||
| CVE-2016-6158 | 1 Huawei | 2 Ws331a Router, Ws331a Router Firmware | 2016-09-22 | 7.1 HIGH | 6.1 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors. | |||||
| CVE-2011-5196 | 1 Public Knowledge Project | 1 Open Journal Systems | 2016-09-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. | |||||
| CVE-2011-5197 | 1 Public Knowledge Project | 1 Open Harvester Systems | 2016-09-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. | |||||
| CVE-2011-5195 | 1 Public Knowledge Project | 1 Open Conference Systems | 2016-09-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file. | |||||
| CVE-2013-6710 | 1 Cisco | 1 Webex Training Center | 2016-09-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. | |||||
| CVE-2013-6976 | 1 Cisco | 1 Epc3925 | 2016-09-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. | |||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2016-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | |||||
| CVE-2016-2901 | 1 Ibm | 2 Web Content Manager, Websphere Portal | 2016-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-5671 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2016-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-1894 | 1 Ibm | 1 Optim Workload Replay | 2016-08-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1874 | 1 Cfdbplugin | 1 Contact Form Db | 2016-08-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php. | |||||
| CVE-2016-0386 | 1 Ibm | 1 Tririga Application Platform | 2016-07-06 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | |||||
| CVE-2015-4396 | 1 Keyword Research Project | 1 Keyword Research | 2016-06-27 | 5.1 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors. | |||||
| CVE-2016-4820 | 1 Iodata | 2 Etx-r, Etx-r Firmware | 2016-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-4494 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2016-06-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. | |||||