Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1174 | 1 Hiniarata | 1 Casebook Plugin | 2016-04-07 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2016-1175 | 1 Sharp | 2 Aquos Hn-pp150, Aquos Hn-pp150 Firmware | 2016-04-06 | 5.8 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1167 | 1 Aterm | 2 Wg300hp, Wg300hp Firmware | 2016-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1168 | 1 Aterm | 2 Wf800hp, Wf800hp Firmware | 2016-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-9385 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. | |||||
| CVE-2014-6253 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. | |||||
| CVE-2016-1134 | 1 Buffalotech | 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more | 2016-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1158 | 1 Corega | 4 Cg-wlbargmh, Cg-wlbargmh Firmware, Cg-wlbargnl and 1 more | 2016-03-10 | 5.1 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. | |||||
| CVE-2016-2199 | 1 Mcafee | 1 Vulnerability Manager | 2016-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2015-5050 | 1 Ibm | 1 Emptoris Contract Management | 2016-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-1151 | 1 Cybozu | 1 Office | 2016-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7678 | 1 Ipswitch | 1 Moveit Mobile | 2016-02-18 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-1139 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 6.8 MEDIUM | 7.5 HIGH |
| Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-3946 | 1 Advantech | 1 Webaccess | 2016-01-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-7465 | 1 Ibm | 1 Jazz Reporting Service | 2016-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-5037 | 1 Ibm | 1 Connections | 2016-01-08 | 6.8 MEDIUM | 5.4 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-2912 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request. | |||||
| CVE-2015-5990 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-8563 | 1 Joomla | 1 Joomla\! | 2015-12-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-5204 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2015-11-25 | 6.8 MEDIUM | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | |||||