Export limit exceeded: 14610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5473 1 Ntop 1 Ntopng 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
CVE-2017-6366 1 Netgear 5 Dgn2200 Firmware, Dgn2200v1, Dgn2200v2 and 2 more 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
CVE-2017-6379 1 Drupal 1 Drupal 2025-04-20 N/A
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CVE-2017-14683 1 Geminabox Project 1 Geminabox 2025-04-20 8.8 High
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
CVE-2017-15994 1 Samba 1 Rsync 2025-04-20 N/A
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.
CVE-2017-7491 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
CVE-2017-1631 1 Ibm 1 Jazz For Service Management 2025-04-20 N/A
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
CVE-2016-2539 1 Atutor 1 Atutor 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
CVE-2017-1442 1 Ibm 1 Emptoris Services Procurement 2025-04-20 N/A
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
CVE-2017-4961 1 Cloud Foundry 1 Bosh 2025-04-20 N/A
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."
CVE-2016-3403 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
CVE-2017-6038 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2025-04-20 N/A
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.
CVE-2017-14267 1 Ee 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware 2025-04-20 N/A
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
CVE-2017-3877 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).
CVE-2017-17774 1 Piwigo 1 Piwigo 2025-04-20 N/A
admin/configuration.php in Piwigo 2.9.2 has CSRF.
CVE-2016-4907 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2017-9930 1 Greenpacket 2 Dx-350, Dx-350 Firmware 2025-04-20 N/A
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
CVE-2017-6756 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280.
CVE-2017-17960 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
CVE-2017-2102 1 Ipa 1 Appgoat 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.