Total
7514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10861 | 1 Neetcables | 2 Airstream, Airstream Nas Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. | |||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| edx-platform before 2016-06-06 allows CSRF. | |||||
| CVE-2016-10757 | 1 Readaxo | 1 Readaxo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. | |||||
| CVE-2016-10756 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. | |||||
| CVE-2016-10738 | 1 Castlamp | 1 Zenbership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Zenbership v107 has CSRF via admin/cp-functions/event-add.php. | |||||
| CVE-2016-10529 | 1 Droppy Project | 1 Droppy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others. | |||||
| CVE-2016-10522 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. | |||||
| CVE-2016-0348 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. | |||||
| CVE-2016-0335 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. | |||||
| CVE-2016-0295 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. | |||||
| CVE-2016-0272 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052. | |||||
| CVE-2015-9498 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | |||||
| CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
| CVE-2015-9455 | 1 Incsub | 1 Buddypress-activity-plus | 2024-11-21 | 7.8 HIGH | 8.1 HIGH |
| The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | |||||
| CVE-2015-9447 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | |||||
| CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | |||||
| CVE-2015-9443 | 1 Wp Accurate Form Data Project | 1 Wp Accurate Form Data | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | |||||
| CVE-2015-9442 | 1 Avenirsoft | 1 Directdownload | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | |||||
| CVE-2015-9441 | 1 Bookmarkify Project | 1 Bookmarkify | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | |||||
| CVE-2015-9440 | 1 Monetize Project | 1 Monetize | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | |||||