Search Results (10314 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6180 1 Keekoonvision 2 Kk002 Ip Camera, Kk002 Ip Camera Firmware 2025-04-20 N/A
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).
CVE-2017-12970 1 Apache2triad 1 Apache2triad 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
CVE-2014-4843 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
CVE-2017-7881 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
CVE-2015-1786 1 Zend 1 Zend Framework 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
CVE-2017-9489 2 Cisco, Commscope 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more 2025-04-20 8.8 High
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
CVE-2017-8152 1 Huawei 2 Honor 5s, Honor 5s Firmware 2025-04-20 N/A
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.
CVE-2016-5401 1 Redhat 2 Jboss Bpm Suite, Jboss Enterprise Brms Platform 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
CVE-2017-2097 1 Support-project 1 Knowledge 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-1000093 1 Jenkins 1 Poll Scm 2025-04-20 N/A
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
CVE-2017-8836 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
CVE-2017-17827 1 Piwigo 1 Piwigo 2025-04-20 N/A
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
CVE-2017-11876 1 Microsoft 2 Project Server, Sharepoint Enterprise Server 2025-04-20 N/A
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
CVE-2017-8382 1 Admidio 1 Admidio 2025-04-20 N/A
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
CVE-2017-2244 1 Brother 2 Mfc-j960dwn, Mfc-j960dwn Firmware 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2015-5395 2 Alinto, Debian 2 Sogo, Debian Linux 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVE-2016-8369 1 Lynxspring 1 Jenesys Bas Bridge 2025-04-20 N/A
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY).
CVE-2017-11567 1 Cesanta 1 Mongoose Embedded Web Server Library 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
CVE-2017-2682 1 Siemens 1 Ruggedcom Network Management Software 2025-04-20 N/A
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
CVE-2017-17894 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has CSRF via the /job URI.