Total
6078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| edx-platform before 2016-06-06 allows CSRF. | |||||
| CVE-2016-10757 | 1 Readaxo | 1 Readaxo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. | |||||
| CVE-2016-10756 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. | |||||
| CVE-2016-10738 | 1 Castlamp | 1 Zenbership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Zenbership v107 has CSRF via admin/cp-functions/event-add.php. | |||||
| CVE-2016-10701 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||||
| CVE-2016-10529 | 1 Droppy Project | 1 Droppy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others. | |||||
| CVE-2016-10522 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. | |||||
| CVE-2016-10313 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. | |||||
| CVE-2016-10206 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | |||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | |||||
| CVE-2016-1000213 | 1 Ruckus | 1 Wireless H500 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Ruckus Wireless H500 web management interface CSRF | |||||
| CVE-2016-0948 | 1 Adobe | 1 Connect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-0891 | 1 Emc | 1 Vipr Srm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2016-0863 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
| CVE-2016-0386 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | |||||
| CVE-2016-0356 | 1 Ibm | 1 Sametime | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | |||||
| CVE-2016-0355 | 1 Ibm | 1 Sametime | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | |||||
| CVE-2016-0348 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. | |||||
| CVE-2016-0335 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. | |||||