CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | Elefant CMS 1.3.12-RC Cross Site Request Forgery | 19.02.2017 | Tim Coen |
| Med. | SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit | 12.02.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation | 03.02.2017 | foxmole |
| Med. | Ubiquiti Networks Cross Site Scripting / Cross Site Request Forgery | 31.01.2017 | T. Weber |
| Low | WordPress FormBuilder 1.05 Cross Site Request Forgery | 30.01.2017 | Burak Kelebek |
| Low | Zimbra Cross Site Request Forgery | 14.01.2017 | Sysdream |
| Med. | Huawei Flybox B660 Cross Site Request Forgery | 12.01.2017 | Vulnerability Lab |
| Low | FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery | 11.01.2017 | Ihsan Sencan |
| Med. | Dell SonicWALL Secure Mobile Access SMA 8.1 CSRF / XSS | 31.12.2016 | Gjoko 'LiquidWorm' Krs... |
| Low | WordPress Copy-Me 1.0.0 Cross Site Request Forgery | 23.12.2016 | Tom Adams |
| Low | WordPress Quiz And Survey Master 4.7.8 / 4.5.4 XSS / CSRF | 17.12.2016 | Tom Adams |
| Low | WordPress Multisite Post Duplicator 0.9.5.1 Cross Site Request Forgery | 12.12.2016 | Tom Adams |
| Med. | e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting | 02.12.2016 | foxmole |
| Med. | Xfinity Gateway Cross Site Request Forgery | 02.12.2016 | Pabstersac |
| Low | WordPress Insert Html Snippet 1.2 Cross Site Request Forgery | 30.11.2016 | Yorick Koster |
| Low | Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal | 29.11.2016 | TaurusOmar |
| High | EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution | 23.11.2016 | hyp3rlinx |
| Med. | Siemens SIMATIC Cookie Settings / Cross Site Request Forgery | 23.11.2016 | Andrea Barisani |
| Med. | WordPress Instagram Feed 1.4.6.2 Cross Site Scripting / Cross Site Request Forgery | 22.11.2016 | Sipke Mellema |
| Med. | WordPress MailChimp 4.0.7 Cross Site Request Forgery / Cross Site Scripting | 22.11.2016 | Persian Hack Team |
| Med. | Joomla K2 2.7.1 Shell Upload / Cross Site Request Forgery | 22.11.2016 | Anti RA$?is |
| Low | WordPress Easy Facebook Like Box 4.3.0 CSRF / XSS | 22.11.2016 | Persian Hack Team |
| Med. | MyLittleForum 2.3.6.1 Cross Site Request Forgery | 19.11.2016 | Tim Coen |
| Med. | Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling | 19.11.2016 | Tim Coen |
| Med. | FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting | 19.11.2016 | Tim Coen |
| Low | ATutor 2.2.2 Cross Site Request Forgery | 15.11.2016 | Saravana Kumar |
| Low | WordPress Google Maps 6.3.14 Cross Site Request Forgery | 12.11.2016 | Sipke Mellema |
| Med. | NodCMS Cross Site Request Forgery | 09.11.2016 | Ashiyane Digital Secur... |
| Low | Rapid PHP Editor IDE 14.1 Cross Site Request Forgery | 05.11.2016 | hyp3rlinx |
| Low | SweetRice 1.5.1 Cross Site Request Forgery | 03.11.2016 | Ashiyane Digital Secur... |
| Med. | My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting | 02.11.2016 | Ashiyane Digital Secur... |
| Low | D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery | 01.11.2016 | MustLive |
| Low | InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery | 30.10.2016 | Gjoko 'LiquidWorm' Krs... |
| Low | BigTree CMS 4.2.13 Cross Site Request Forgery | 27.10.2016 | Ashiyane Digital Secur... |
| Med. | Zenbership (latest version) - Multiple Vulnerabilities | 24.10.2016 | Besim |
| Med. | Event Calendar PHP 1.5 Cross Site Request Forgery | 22.10.2016 | Ashiyane Digital Secur... |
| Low | CNDSOFT 2.3 Cross Site Request Forgery / Shell Upload | 21.10.2016 | Besim |
| Med. | PizzaInn Beta 3 categories-exec.php Cross Site Request Forgery | 21.10.2016 | Nassim Asrir |
| Med. | XhP CMS 0.5.1 Cross Site Request Forgery / Cross Site Scripting | 20.10.2016 | Ahsan Tahir |
| Med. | Subrion CMS 4.0.5 Cross Site Request Forgery / Cross Site Scripting | 19.10.2016 | Ahsan Tahir |
| Med. | VendHQ Cross Site Request Forgery | 18.10.2016 | Ahsan Tahir |
| Med. | Simple Forum PHP 2.4 Cross Site Request Forgery | 18.10.2016 | Ashiyane Digital Secur... |
| Med. | WordPress Newsletter 4.6.0 Cross Site Request Forgery / Cross Site Scripting | 14.10.2016 | Keith Lee |
| Med. | Colorful Blog Cross Site Request Forgery | 14.10.2016 | Besim |
| Low | ApPHP MicroBlog 1.0.2 Cross Site Request Forgery | 13.10.2016 | Besim |
| Low | phpEnter 4.2.7 Cross Site Request Forgery | 13.10.2016 | Besim |
| Low | BirdBlog 1.4.0 Cross Site Request Forgery | 13.10.2016 | Besim |
| Low | ApPHP MicroCMS 3.9.5 Cross Site Request Forgery | 13.10.2016 | Besim |
| Low | PHP Press Release Cross Site Request Forgery | 10.10.2016 | Besim |
| Low | miniblog 1.0.1 Cross Site Request Forgery | 10.10.2016 | Besim |
| Low | Simple PHP Blog 0.8.4 Cross Site Request Forgery | 08.10.2016 | Besim |
| Low | Epson WorkForce Lack Of Firmware Signing / CSRF | 27.09.2016 | Yves-Noel Weweler |
| Med. | Cisco EPC 3925 Multiple Vulnerabilities | 15.09.2016 | Patryk Bogdan |
| Med. | CumulusClips 2.4.1 Code Execution / CSRF / Cross Site Scripting | 09.09.2016 | Łukasz Korczyk |
| Low | WordPress Theme cubed_v1.2 CSRF File Upload Vulnerability | 08.09.2016 | howucan |
| High | Belkin F9K1122v1 1.00.30 Buffer Overflow / Cross Site Request Forgery | 07.09.2016 | b1ack0wl |
| Med. | Goron Web Server 2.0 XSS / CSRF / Denial Of Service | 30.08.2016 | Guillaume Kaddouch |
| Low | Zarafe CMS 1.0 Cross Site Request Forgery | 28.08.2016 | Persian Hack Team |
| Low | chatNow 0.0.0 Cross Site Request Forgery | 25.08.2016 | HaHwul |
| Low | Jaws CMS 1.1.1 Cross Site Request Forgery | 23.08.2016 | ZwX |
| Low | phpCollab CMS 2.5 Cross Site Request Forgery | 23.08.2016 | Vulnerability Lab |
| Med. | Telegram Bot API Cross Site Request Forgery / Denial Of Service | 16.08.2016 | 4L1R3Z4 |
| Low | WordPress Email Users 4.8.3 Cross Site Request Forgery | 16.08.2016 | Julien Rentrop |
| Low | WordPress Photo Gallery 1.8.5 Cross Site Request Forgery | 16.08.2016 | Umit Aksu |
| Low | WordPress Peters Login Redirect 2.9.0 XSS / CSRF | 16.08.2016 | Yorick Koster |
| Low | WordPress Add From Server 6.2 Cross Site Request Forgery | 10.08.2016 | Edwin Molenaar |
| Med. | Nagios Network Analyzer v2.2.1 Multiple CSRF | 09.08.2016 | hyp3rlinx |
| Low | NUUO CSRF Add Admin Exploit | 07.08.2016 | Gjoko 'LiquidWorm' Krs... |
| Med. | WordPress Selected Text Sharer 1.0 CSRF / XSS | 07.08.2016 | bl4ck_mohajem |
| High | ntop 2.5 Cross Site Request Forgery / Command Execution | 06.08.2016 | javutin |
| Low | BlueOnyx 5209R Cross Site Request Forgery | 03.08.2016 | bl4ck_mohajem |
| Low | Beats By Dre Cross Site Request Forgery | 02.08.2016 | Aaditya Purani |
| Low | DMA Radius Manager 4.1.5 Cross Site Request Forgery | 02.08.2016 | bl4ck_mohajem |
| Low | ISPConfig 3.0.5 Cross Site Request Forgery | 02.08.2016 | bl4ck_mohajem |
| Med. | Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities | 27.07.2016 | Gjoko 'LiquidWorm' Krs... |
| High | Micro Focus Filr CSRF / XSS / Code Execution | 26.07.2016 | W. Ettlinger |
| High | Hitron CGNV4 Modem / Router CSRF / Session Management / Command Injection | 22.07.2016 | Gergely Eberhardt |
| Low | WordPress Icegram 1.9.18 Cross Site Request Forgery | 20.07.2016 | Yorick Koster |
| Low | Wowza Streaming Engine 4.5.0 Cross Site Request Forgery | 20.07.2016 | Gjoko 'LiquidWorm' Krs... |
| Low | WordPress Lazy Content Slider 3.4 Cross Site Request Forgery | 09.07.2016 | Persian Hack Team |
| Low | OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting | 08.07.2016 | hyp3rlinx |
| Med. | CIMA DocuClass ECM CSRF / XSS / SQL Injection | 07.07.2016 | Karn Ganeshen |
| Med. | RS232-NET Converter (JTC-200) CSRF / Weak Credentials / Unauthenticated Access | 07.07.2016 | Karn Ganeshen |
| Med. | WebCalendar v1.2.7 CSRF Protection Bypass | 04.07.2016 | hyp3rlinx |
| High | Ubiquiti Administration Portal CSRF / Remote Command Execution | 29.06.2016 | Matt Bergin |
| Med. | Concrete5 5.7.3.1 Cross Site Request Forgery | 29.06.2016 | Egidio Romano |
| Med. | XuezhuLi FileSharing - (Add User) CSRF | 24.06.2016 | HaHwul |
| Med. | Yona CMS - (Add Admin) CSRF | 21.06.2016 | s0nk3y |
| Med. | IonizeCMS <= 1.0.8 Remote Admin Add CSRF Exploit | 21.06.2016 | s0nk3y |
| Med. | Airia Cross Site Request Forgery | 21.06.2016 | HaHwul |
| Med. | sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS | 19.06.2016 | hyp3rlinx |
| Low | phpATM 1.32 Cross Site Request Forgery / Path Disclosure | 18.06.2016 | Paolo Massenio |
| Low | Slim CMS 0.1 Cross Site Request Forgery | 17.06.2016 | Avinash Kumar Thapa |
| High | Papouch Backdoor Account / CSRF / Missing Authentication | 17.06.2016 | Karn Ganeshen |
| Low | HP StoreEver MSL6480 Tape Library 4.10 Weak Credentials / CSRF / Access Control | 17.06.2016 | Karn Ganeshen |
| Med. | Hyperoptic (Tilgin) Router HG23xx CSRF / Cross Site Scripting | 15.06.2016 | Gjoko 'LiquidWorm' Krs... |
| Low | Ultrabenosaurus ChatBoard Cross Site Request Forgery | 15.06.2016 | HaHwul |
| Low | Mobiketa 1.0 Cross Site Request Forgery | 14.06.2016 | Murat YILMAZLAR |
| High | Viart Shopping Cart 5.0 CSRF / Shell Upload | 14.06.2016 | Ali Ghanbari |
| Low | Dream Gallery 1.0 Cross Site Request Forgery | 07.06.2016 | Ali Ghanbari |


CVEMAP Search Results

CVE
Details
Description
2015-02-23
Medium
CVE-2015-2048
Vendor: D-link
Software: Dcs-931l fir...
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

2015-02-20
Medium
CVE-2015-2039
Vendor: Acobot live chat & contact form project
Software: Acobot live ...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.

2015-02-19
Medium
CVE-2015-1585
Vendor: Fatfreecrm
Software: Fat free crm
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.

Medium
CVE-2015-1614
Vendor: Image metadata cruncher project
Software: Image metada...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.

2015-02-13
Medium
CVE-2014-0151
Vendor: Ovirt
Software: Ovirt
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.

2015-02-11
Medium
CVE-2015-1580
Vendor: Redirection project
Software: Redirection
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.

Medium
CVE-2015-1581
Vendor: Mobile domain project
Software: Mobile domain
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php.

2015-02-10
Medium
CVE-2015-1432
Vendor: Phpbb
Software: Phpbb
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.

2015-02-09
Medium
CVE-2015-1568
Vendor: Studio.gd
Software: Gd infinite ...
Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors.

2015-02-04
Medium
CVE-2014-9331
Vendor: Zohocorp
Software: Manageengine...
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.

Copyright 2017, cxsecurity.com