Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19516 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. | |||||
| CVE-2016-8673 | 1 Siemens | 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more | 2019-12-12 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. | |||||
| CVE-2012-2079 | 1 Drupal | 1 Activity | 2019-12-11 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | |||||
| CVE-2009-1802 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2019-12-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. | |||||
| CVE-2019-16002 | 1 Cisco | 1 Sd-wan Firmware | 2019-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | |||||
| CVE-2015-3140 | 1 Synametrics | 3 Synaman, Syncrify, Syntail | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | |||||
| CVE-2013-6811 | 1 D-link | 2 Dsl6740u, Dsl6740u Firmware | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. | |||||
| CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2019-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | |||||
| CVE-2013-3312 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi. | |||||
| CVE-2019-19013 | 1 Pagekit | 1 Pagekit | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. | |||||
| CVE-2011-4952 | 1 Cobblerd | 1 Cobbler | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| cobbler: Web interface lacks CSRF protection when using Django framework | |||||
| CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. | |||||
| CVE-2019-18651 | 1 3xlogic | 2 Infinias Access Control, Infinias Access Control Firmware | 2019-11-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session. | |||||
| CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2019-11-19 | 6.8 MEDIUM | 8.8 HIGH |
| index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | |||||
| CVE-2013-3516 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2019-11-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. | |||||
| CVE-2019-17600 | 1 Intelbras | 2 Iwr 1000n, Iwr 1000n Firmware | 2019-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | |||||
| CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| letodms 3.3.6 has CSRF via change password | |||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2019-11-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | |||||
| CVE-2010-3305 | 1 Pixelpost | 1 Pixelpost | 2019-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | |||||
| CVE-2019-17237 | 1 Getigniteup | 1 Igniteup | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | |||||