ReportizFlow
Filtered by vendor
Subscriptions
Total
8863 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9930 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | ||||
| CVE-2017-9517 | 1 Atmail | 1 Atmail | 2025-04-20 | N/A |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | ||||
| CVE-2017-7951 | 1 Wondercms | 1 Wondercms | 2025-04-20 | N/A |
| WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | ||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | ||||
| CVE-2017-7571 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2025-04-20 | 8.0 High |
| public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | ||||
| CVE-2017-8101 | 1 S9y | 1 Serendipity | 2025-04-20 | N/A |
| There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | ||||
| CVE-2017-8930 | 1 Simpleinvoices | 1 Simple Invoices | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. | ||||
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | ||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | ||||
| CVE-2017-2688 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | ||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. | ||||
| CVE-2017-17830 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | N/A |
| Bus Booking Script has CSRF via admin/new_master.php. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2017-5657 | 1 Apache | 1 Archiva | 2025-04-20 | N/A |
| Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights). | ||||
| CVE-2017-16780 | 1 Mybb | 1 Mybb | 2025-04-20 | N/A |
| The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | ||||
| CVE-2017-16563 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | ||||
| CVE-2017-15731 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | ||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2025-04-20 | N/A |
| There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | ||||
| CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2025-04-20 | N/A |
| Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | ||||