Total: 6080 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9730 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549. | |||||
CVE-2016-9716 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | |||||
CVE-2016-9714 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. | |||||
CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | |||||
CVE-2016-9455 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. | |||||
CVE-2016-9365 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY). | |||||
CVE-2016-9218 | 1 Cisco | 1 Hybrid Meeting Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. | |||||
CVE-2016-9127 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed. | |||||
CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | |||||
CVE-2016-8941 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
CVE-2016-8917 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. | |||||
CVE-2016-8737 | 1 Apache | 1 Brooklyn | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
CVE-2016-8718 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. | |||||
CVE-2016-8673 | 1 Siemens | 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. | |||||
CVE-2016-8513 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
CVE-2016-8504 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF of the synchronization form in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to steal saved data in the browser profile. | |||||
CVE-2016-8369 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). | |||||
CVE-2016-8350 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). | |||||
CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||||
CVE-2016-8201 | 1 Brocade | 1 Virtual Traffic Manager | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. |