
| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | LFCMS 3.7.0 Cross Site Request Forgery | 22.06.2018 | bay0net |
| Med. | Joomla! Component Jomres 9.11.2 Cross-Site Request Forgery (Add User) | 20.06.2018 | L0RD |
| Med. | RabbitMQ Web Management Cross Site Request Forgery | 18.06.2018 | Dolev Farhi |
| Med. | Joomla Jomres 9.11.2 Cross Site Request Forgery | 18.06.2018 | Borna Nematzadeh |
| Low | MACCMS 10 Cross Site Request Forgery | 14.06.2018 | bay0net |
| Low | WordPress Tooltipy 5.0 Cross Site Request Forgery | 13.06.2018 | Tom Adams |
| Med. | Jenkins Mailer Cross Site Request Forgery | 06.06.2018 | Kl3_GMjq6 |
| Low | GreenCMS 2.3.0603 Cross Site Request Forgery | 04.06.2018 | xichao |
| High | JDA Connect CSRF / Command Execution / Exposed JMX Service | 31.05.2018 | Xiaoran Wang |
| Low | SearchBlox 8.6.6 Cross-Site Request Forgery | 30.05.2018 | Ahmet Gurel |
| Low | Joomla! Component jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery | 30.05.2018 | L0RD |
| Low | EasyService Billing 1.0 Cross-Site Request Forgery | 29.05.2018 | Divya Jain |
| Med. | Sharetronix CMS 3.6.2 Cross-Site Request Forgery / Cross-Site Scripting | 28.05.2018 | Hesam Bazvand |
| High | WordPress Peugeot Music 1.0 Shell Upload / Cross Site Request Forgery | 25.05.2018 | Mr.7z |
| Low | Timber 1.1 Cross Site Request Forgery | 25.05.2018 | Borna Nematzadeh |
| Low | Mcard Mobile Card Selling Platform 1 Cross Site Request Forgery | 25.05.2018 | Borna Nematzadeh |
| Med. | Teradek VidiU Pro 3.0.3 Change Password Cross Site Request Forgery | 22.05.2018 | LiquidWorm |
| Low | Merge PACS 7.0 Cross Site Request Forgery | 22.05.2018 | Safak Aslan |
| Med. | Auto Dealership And Vehicle Showroom WebSys 1.0 XSS / CSRF / SQL Injection | 22.05.2018 | Borna Nematzadeh |
| Med. | Model Agency Media House And Media Gallery 1.0 XSS / CSRF / SQL Injection | 22.05.2018 | Borna Nematzadeh |
| Low | Infinity Market Classified Ads Script 1.6.2 Cross-Site Request Forgery | 21.05.2018 | L0RD |
| Low | Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting | 19.05.2018 | Borna Nematzadeh |
| Low | Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting | 19.05.2018 | t4rkd3vilz |
| Low | Healwire Online Pharmacy 3.0 Persistent Cross-Site Scripting / Cross-Site Request Forgery | 18.05.2018 | L0RD |
| Med. | SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection | 18.05.2018 | Borna Nematzadeh |
| Low | Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery | 18.05.2018 | t4rkd3vilz |
| Med. | NodAPS 4.0 SQL injection / Cross-Site Request Forgery | 18.05.2018 | L0RD |
| Low | MyBB Admin Notes 1.1 Cross Site Request Forgery | 17.05.2018 | 0xB9 |
| Low | Horse Market Sell And Rent Portal Script 1.5.7 CSRF | 17.05.2018 | L0RD |
| Low | Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery | 16.05.2018 | Nicolas Heiniger |
| Low | Metronet Tag Manager 1.2.7 Cross Site Request Forgery | 16.05.2018 | Tom Adams |
| Med. | IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure | 15.05.2018 | Jan Bee |
| Low | WordPress WP User Groups 2.0.0 Cross Site Request Forgery | 12.05.2018 | Tom Adams |
| Low | Fastweb FASTGate 0.00.47 Cross Site Request Forgery | 10.05.2018 | Raffaele Sabato |
| Low | phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting | 10.05.2018 | Codex Lynx |
| Low | Easy Hosting Control Panel 0.37.12.b Cross Site Request Forgery | 09.05.2018 | hyp3rlinx |
| Low | D-Link DIR-868L 1.12 Cross Site Request Forgery | 09.05.2018 | Siddhartha Tripathy |
| Low | phpMyAdmin 4.8.0 < 4.8.0-1 Cross-Site Request Forgery | 24.04.2018 | revengsh |
| Low | WUZHI CMS 4.1.0 Cross-Site Request Forgery (Add Admin User) | 11.04.2018 | taoge |
| Med. | WolfCMS 0.8.3.1 Cross Site Request Forgery | 09.04.2018 | Sureshbabu Narvaneni |
| Med. | KYOCERA Net Admin 3.4 CSRF Add Admin Exploit | 09.04.2018 | Gjoko 'LiquidWorm' Krs... |
| Low | Cobub Razor 0.7.2 Cross Site Request Forgery | 07.04.2018 | ppb |
| Low | WampServer 3.1.2 Cross-Site Request Forgery | 02.04.2018 | Vipin Chaudhary |
| Low | WampServer 3.1.1 Cross-Site Scripting / Cross-Site Request Forgery | 02.04.2018 | Vipin Chaudhary |
| Low | Frog CMS 0.9.5 Cross-Site Request Forgery (Add User) | 02.04.2018 | Samrat Das |
| Low | MiniCMS 1.10 Cross-Site Request Forgery | 31.03.2018 | zixian |
| Low | TL-WR720N 150Mbps Wireless N Router Cross Site Request Forgery | 27.03.2018 | Mans van Someren |
| Med. | SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal | 13.03.2018 | Wolfgang Ettlinger |
| Med. | Magento Backups Cross Site Request Forgery | 07.03.2018 | DefenseCode |
| Low | D-Link DGS-3000-10TC Cross Site Request Forgery | 01.03.2018 | MustLive |
| Low | Bugzilla 4.4.12 / 5.0.3 Cross Site Request Forgery | 19.02.2018 | Holger Fuhrmannek |
| Low | Front Accounting ERP 2.4.3 Cross Site Request Forgery | 17.02.2018 | Samrat Das |
| Med. | Dell EMC Isilon OneFS XSS / Code Execution / CSRF | 16.02.2018 | CORE |
| Low | Tejari Cross Site Request Forgery | 16.02.2018 | Arvind Vishwakarma |
| Low | NAT32 2.2 Build 22284 Cross-Site Request Forgery | 14.02.2018 | hyp3rlinx |
| Low | TypeSetter CMS 5.1 Cross-Site Request Forgery | 13.02.2018 | Navina Asrani |
| High | Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution | 07.02.2018 | CORE |
| Low | Joomla! JS Support Ticket 1.1.0 Cross Site Request Forgery | 29.01.2018 | Ihsan Sencan |
| Low | Netis-WF2419 Cross Site Request Forgery | 29.01.2018 | Sajibe Kanti |
| Low | KeystoneJS < 4.0.0-beta.7 Cross-Site Request Forgery | 29.01.2018 | Saurabh Banawar |
| Low | Rapid7 Nexpose 6.4.65 Cross Site Request Forgery | 29.01.2018 | Shwetabh Vishnoi |
| Low | Gnew 2018.1 Cross Site Request Forgery | 29.01.2018 | Cyril Vallicar |
| Low | Dodocool DC38 N300 Cross-site Request Forgery | 26.01.2018 | Raffaele Sabato |
| Med. | RSVP Invitation Online 1.0 Cross-Site Request Forgery (Update Admin) | 24.01.2018 | Ihsan Sencan |
| Low | Photography CMS 1.0 Cross-Site Request Forgery (Add Admin) | 24.01.2018 | Ihsan Sencan |
| Low | WordPress Download Manager 2.9.60 Cross Site Request Forgery | 11.01.2018 | Panagiotis Vagenas |
| Low | WordPress Social Media Widget By Acurax 3.2.5 Cross Site Request Forgery | 10.01.2018 | Panagiotis Vagenas |
| Med. | WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation | 09.01.2018 | Panagiotis Vagenas |
| Med. | Vanilla < 2.1.5 Cross-Site Request Forgery | 08.01.2018 | Anand Meyyappan |
| High | WDMyCloud <= 2.30.165 Multiple Vulnerabilities | 05.01.2018 | GulfTech |
| Low | pfSense 2.4.1 CSRF Error Page Clickjacking | 13.12.2017 | Yorick Koster |
| Low | D-Link DCS-936L Network Camera Cross-Site Request Forgery | 16.11.2017 | SlidingWindow |
| Med. | JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication | 01.11.2017 | Karn Ganeshen |
| Med. | ZKTime Web Software 2.0 Cross Site Request Forgery | 21.10.2017 | Arvind V. |
| Med. | Linksys E Series CSRF / XSS / Denial Of Service / Header Injection | 18.10.2017 | SEC Consult |
| Low | AlienVault USM 5.4.2 Cross Site Request Forgery | 15.10.2017 | Julien |
| Med. | Metasploit < 4.14.1-20170828 Cross-Site Request Forgery | 09.10.2017 | Dhiraj Mishra |
| Med. | WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting | 28.09.2017 | Tom Adams |
| Low | ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery | 19.09.2017 | Arvind Vishwakarma |
| Med. | DigiAffiliate 1.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digileave 1.2 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digirez 3.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| High | WiseGiga NAS CSRF / LFI / Command Execution | 12.09.2017 | Pierre Kim |
| Low | jRank - Topsites Script 1.0 - Cross-Site Request Forgery | 11.09.2017 | Ihsan Sencan |
| Med. | EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure | 10.09.2017 | James Hemmings |
| Low | Pay Banner Text Link Ad 1.0.6.1 Cross-Site Request Forgery (Update Admin) | 06.09.2017 | Ihsan Sencan |
| High | Mongoose Web Server 6.5 Cross-Site Request Forgery / Remote Code Execution | 05.09.2017 | hyp3rlinx |
| Low | Invoice Manager 3.1 Cross-Site Request Forgery (Add Admin) | 31.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Matrimony 2.7 Cross Site Request Forgery | 30.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 CSRF Create User / Enable SSH Access | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 Upload.json CSRF Script Insertion | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Pluck CMS 4.7.4 Cross Site Request Forgery | 15.08.2017 | Ashiyane Digital Secur... |
| Low | RealTime RWR-3G-100 Router Cross-Site Request Forgery | 13.08.2017 | Touhid M.Shaikh |
| Low | Friends in War Make or Break 1.7 Cross-Site Request Forgery | 28.07.2017 | shinnai |
| Med. | Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery | 14.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access | 11.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution | 29.06.2017 | CORE |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities | 29.06.2017 | CORE |


CVEMAP Search Results

2018-05-17

CVE-2018-1434 (Medium)
Vendor: IBM
Software: Spectrum vir...
Description: IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.

2018-05-16

CVE-2018-0270 (Medium)
Vendor: Cisco
Software: Iot field ne...
Description: A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. This vulnerability affects Connected Grid Network Management System, if running a software release prior to IoT-FND Release 3.0; and IoT Field Network Director, if running a software release prior to IoT-FND Release 4.1.1-6 or 4.2.0-123. Cisco Bug IDs: CSCvi02448.

2018-05-15

CVE-2017-2613 (Medium)
Vendor: Jenkins
Software: Jenkins
Description: Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).

CVE-2018-11127 (Low)
Vendor: E107
Software: E107
Description: e107 2.1.7 has CSRF resulting in arbitrary user deletion.

CVE-2018-11126 (Medium)
Vendor: Doorgets
Software: Doorgets
Description: dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.

2018-05-14

CVE-2017-12126 (Medium)
Vendor: MOXA
Software: Edr-810 firmware
Description: An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.

2018-05-13

CVE-2018-11018 (Medium)
Vendor: Pbootcms
Software: Pbootcms
Description: An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.

2018-05-12

CVE-2018-11004 (Medium)
Vendor: Sdcms
Software: Sdcms
Description: An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.

CVE-2018-11003 (Low)
Vendor: Yxcms
Software: Yxcms
Description: An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.

2018-05-11

CVE-2018-6023 (Medium)
Vendor: Fastweb
Software: Fastgate fir...
Description: Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.

 


Copyright 2018, cxsecurity.com

 
