Search Results (9419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9810 1 Kaspersky 1 Anti-virus For Linux Server 2025-04-20 N/A
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVE-2017-10961 1 Vanderbilt 1 Redcap 2025-04-20 N/A
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
CVE-2017-1097 1 Ibm 1 Emptoris Strategic Supply Management 2025-04-20 N/A
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
CVE-2017-5943 1 Bestpractical 1 Request Tracker 2025-04-20 N/A
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
CVE-2017-7491 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
CVE-2017-2102 1 Ipa 1 Appgoat 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-12439 1 Socusoft 1 Flash Slideshow Maker 2025-04-20 7.5 High
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
CVE-2016-4904 1 Wp-olivecart 2 Olivecart, Olivecartpro 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.
CVE-2016-3691 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
CVE-2017-2238 1 Toshiba 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-15735 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2017-5657 1 Apache 1 Archiva 2025-04-20 N/A
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).
CVE-2016-9455 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
CVE-2017-10678 1 Piwigo 1 Piwigo 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.
CVE-2017-17903 1 Fortunescripts 1 Lynda Clone 2025-04-20 N/A
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
CVE-2017-17990 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
CVE-2017-11455 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2025-04-20 N/A
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
CVE-2017-11646 1 Netcomm 2 4gt101w Bootloader, 4gt101w Software 2025-04-20 N/A
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.
CVE-2017-11648 1 Techroutes 2 Tr 1803-3g, Tr 1803-3g Firmware 2025-04-20 N/A
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
CVE-2017-11726 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.