CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | WUZHI CMS 4.1.0 Cross-Site Request Forgery (Add Admin User) | 11.04.2018 | taoge |
| Med. | WolfCMS 0.8.3.1 Cross Site Request Forgery | 09.04.2018 | Sureshbabu Narvaneni |
| Med. | KYOCERA Net Admin 3.4 CSRF Add Admin Exploit | 09.04.2018 | Gjoko 'LiquidWorm' Krs... |
| Low | Cobub Razor 0.7.2 Cross Site Request Forgery | 07.04.2018 | ppb |
| Low | WampServer 3.1.2 Cross-Site Request Forgery | 02.04.2018 | Vipin Chaudhary |
| Low | WampServer 3.1.1 Cross-Site Scripting / Cross-Site Request Forgery | 02.04.2018 | Vipin Chaudhary |
| Low | Frog CMS 0.9.5 Cross-Site Request Forgery (Add User) | 02.04.2018 | Samrat Das |
| Low | MiniCMS 1.10 Cross-Site Request Forgery | 31.03.2018 | zixian |
| Low | TL-WR720N 150Mbps Wireless N Router Cross Site Request Forgery | 27.03.2018 | Mans van Someren |
| Med. | SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal | 13.03.2018 | Wolfgang Ettlinger |
| Med. | Magento Backups Cross Site Request Forgery | 07.03.2018 | DefenseCode |
| Low | D-Link DGS-3000-10TC Cross Site Request Forgery | 01.03.2018 | MustLive |
| Low | Bugzilla 4.4.12 / 5.0.3 Cross Site Request Forgery | 19.02.2018 | Holger Fuhrmannek |
| Low | Front Accounting ERP 2.4.3 Cross Site Request Forgery | 17.02.2018 | Samrat Das |
| Med. | Dell EMC Isilon OneFS XSS / Code Execution / CSRF | 16.02.2018 | CORE |
| Low | Tejari Cross Site Request Forgery | 16.02.2018 | Arvind Vishwakarma |
| Low | NAT32 2.2 Build 22284 Cross-Site Request Forgery | 14.02.2018 | hyp3rlinx |
| Low | TypeSetter CMS 5.1 Cross-Site Request Forgery | 13.02.2018 | Navina Asrani |
| High | Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution | 07.02.2018 | CORE |
| Low | Joomla! JS Support Ticket 1.1.0 Cross Site Request Forgery | 29.01.2018 | Ihsan Sencan |
| Low | Netis-WF2419 Cross Site Request Forgery | 29.01.2018 | Sajibe Kanti |
| Low | KeystoneJS < 4.0.0-beta.7 Cross-Site Request Forgery | 29.01.2018 | Saurabh Banawar |
| Low | Rapid7 Nexpose 6.4.65 Cross Site Request Forgery | 29.01.2018 | Shwetabh Vishnoi |
| Low | Gnew 2018.1 Cross Site Request Forgery | 29.01.2018 | Cyril Vallicar |
| Low | Dodocool DC38 N300 Cross-site Request Forgery | 26.01.2018 | Raffaele Sabato |
| Med. | RSVP Invitation Online 1.0 Cross-Site Request Forgery (Update Admin) | 24.01.2018 | Ihsan Sencan |
| Low | Photography CMS 1.0 Cross-Site Request Forgery (Add Admin) | 24.01.2018 | Ihsan Sencan |
| Low | WordPress Download Manager 2.9.60 Cross Site Request Forgery | 11.01.2018 | Panagiotis Vagenas |
| Low | WordPress Social Media Widget By Acurax 3.2.5 Cross Site Request Forgery | 10.01.2018 | Panagiotis Vagenas |
| Med. | WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation | 09.01.2018 | Panagiotis Vagenas |
| Med. | Vanilla < 2.1.5 Cross-Site Request Forgery | 08.01.2018 | Anand Meyyappan |
| High | WDMyCloud <= 2.30.165 Multiple Vulnerabilities | 05.01.2018 | GulfTech |
| Low | pfSense 2.4.1 CSRF Error Page Clickjacking | 13.12.2017 | Yorick Koster |
| Low | D-Link DCS-936L Network Camera Cross-Site Request Forgery | 16.11.2017 | SlidingWindow |
| Med. | JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication | 01.11.2017 | Karn Ganeshen |
| Med. | ZKTime Web Software 2.0 Cross Site Request Forgery | 21.10.2017 | Arvind V. |
| Med. | Linksys E Series CSRF / XSS / Denial Of Service / Header Injection | 18.10.2017 | SEC Consult |
| Low | AlienVault USM 5.4.2 Cross Site Request Forgery | 15.10.2017 | Julien |
| Med. | Metasploit < 4.14.1-20170828 Cross-Site Request Forgery | 09.10.2017 | Dhiraj Mishra |
| Med. | WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting | 28.09.2017 | Tom Adams |
| Low | ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery | 19.09.2017 | Arvind Vishwakarma |
| Med. | DigiAffiliate 1.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digileave 1.2 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digirez 3.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| High | WiseGiga NAS CSRF / LFI / Command Execution | 12.09.2017 | Pierre Kim |
| Low | jRank - Topsites Script 1.0 - Cross-Site Request Forgery | 11.09.2017 | Ihsan Sencan |
| Med. | EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure | 10.09.2017 | James Hemmings |
| Low | Pay Banner Text Link Ad 1.0.6.1 Cross-Site Request Forgery (Update Admin) | 06.09.2017 | Ihsan Sencan |
| High | Mongoose Web Server 6.5 Cross-Site Request Forgery / Remote Code Execution | 05.09.2017 | hyp3rlinx |
| Low | Invoice Manager 3.1 Cross-Site Request Forgery (Add Admin) | 31.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Matrimony 2.7 Cross Site Request Forgery | 30.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 CSRF Create User / Enable SSH Access | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 Upload.json CSRF Script Insertion | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Pluck CMS 4.7.4 Cross Site Request Forgery | 15.08.2017 | Ashiyane Digital Secur... |
| Low | RealTime RWR-3G-100 Router Cross-Site Request Forgery | 13.08.2017 | Touhid M.Shaikh |
| Low | Friends in War Make or Break 1.7 Cross-Site Request Forgery | 28.07.2017 | shinnai |
| Med. | Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery | 14.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access | 11.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution | 29.06.2017 | CORE |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities | 29.06.2017 | CORE |
| Low | D-Link DIR-100 Brute Force / Cross Site Request Forgery | 26.06.2017 | MustLive |
| Low | WonderCMS 2.1.0 Cross-Site Request Forgery | 22.06.2017 | Zerox Security Lab |
| Med. | SimpleCE 2.3.0 Cross Site Request Forgery / Cross Site Scripting | 15.06.2017 | 8bitsec |
| Med. | Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion | 06.06.2017 | X41 |
| Med. | Subsonic 6.1.1 Password Reset Cross Site Request Forgery | 06.06.2017 | hyp3rlinx |
| Low | Apache Archiva 2.2.1 Cross Site Request Forgery | 23.05.2017 | Martin S |
| Med. | Wordpress plugins wp-mailinglist upload File Vulnerability \| CSRF | 22.05.2017 | sohaip-hackerDZ |
| Med. | WordPress EELV Newsletter 4.5 XSS / CSRF | 17.05.2017 | Vulnerability Lab |
| Med. | Admidio 3.2.8 Cross Site Request Forgery | 16.05.2017 | Faiz Ahmed Zaidi |
| Low | MailCow 0.14 Cross Site Request Forgery | 15.05.2017 | hyp3rlinx |
| Med. | TYCHE STUDIO CMS Shell Upload Vulnerability CSRF | 12.05.2017 | Berandal \| OWL SQUAD |
| Low | objectif8 CSRF VULNERABILITY | 12.05.2017 | Mohammad Babaee |
| Med. | ASUS Routers CSRF / Information Disclosure | 11.05.2017 | Yakov Shafranovich |
| Low | Gongwalker API Manager 1.1 Cross Site Request Forgery | 11.05.2017 | HaHwul |
| Low | WordPress Clean Login Cross Site Request Forgery | 10.05.2017 | Zhiyang Zeng |
| Low | ViMbAdmin 3.0.15 Cross Site Request Forgery | 06.05.2017 | Florian NIVETTE |
| Med. | concrete5 8.1.0 Thumbnail Editor CSRF / DoS | 04.05.2017 | Insecurity |
| Med. | Wordpress Theme Sehf File Upload Vulnerability \| CSRF | 04.05.2017 | Berandal |
| Med. | Wordpress Theme Ebs File Upload Vulnerability \| CSRF | 03.05.2017 | Berandal \| OWL SQUAD |
| Med. | Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection | 28.04.2017 | David Tomaschik |
| Med. | Revive Ad Server 4.0.1 Cross Site Request Forgery / Cross Site Scripting | 27.04.2017 | Cyril Vallicari |
| Low | WordPress Connection Information Cross Site Request Forgery | 21.04.2017 | Yorick Koster |
| Low | Agorum Core Pro 7.8.1.4-251 Cross Site Request Forgery | 14.04.2017 | Multpile |
| Low | s9y Serendipity Cross Site Request Forgery | 12.04.2017 | Zhiyang Zeng |
| Med. | HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution | 07.04.2017 | rungga_reksya |
| Med. | D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery | 04.04.2017 | Pratik S. Shah |
| Med. | inoERP 0.6.1 CSRF / XSS / SQL Injection | 28.03.2017 | foxmole |
| High | Solar-Log CSRF / Information Disclosure / DoS / File Upload | 22.03.2017 | T. Weber |
| Low | AXIS Cross Site Request Forgery / Cross Site Scripting | 18.03.2017 | David Wearing |
| Low | AXIS Communications Cross Site Request Forgery | 18.03.2017 | orwelllabs |
| Low | WatchGuard XTMv 11.12 Build 516911 Cross Site Request Forgery | 12.03.2017 | Matt Bergin |
| Med. | FTP Voyager Scheduler 16.2.0 CSRF / Denial Of Service | 11.03.2017 | hyp3rlinx |
| Med. | Wordpress Themes Synoptic Shell Upload Vulnerability \| CSRF | 11.03.2017 | Berandal \| OWL SQUAD |
| Med. | Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection | 10.03.2017 | W. Schober |
| Low | Western Digital My Cloud Cross Site Request Forgery | 08.03.2017 | Remco Vermeulen |
| Med. | WordPress 4.5.3 Press This Function CSRF / Denial Of Service | 07.03.2017 | Sipke Mellema |
| Med. | Deluge 1.3.13 Cross Site Request Forgery / Code Execution | 07.03.2017 | Kyle Neideck |
| Med. | pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting | 04.03.2017 | Yann CAM @ASafety |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|---|---|---|---|---|---|
| 2018-04-11 | Medium | CVE-2018-10030 | Cmsmadesimple | Cms made simple | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. |
| | Medium | CVE-2018-10031 | Cmsmadesimple | Cms made simple | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. |
| 2018-04-10 | Medium | CVE-2018-9923 | Icmsdev | ICMS | An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. |
| 2018-03-27 | Medium | CVE-2018-9092 | Minicms project | Minicms | There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. |
| | Medium | CVE-2018-7700 | Dedecms | Dedecms | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. |
| 2018-03-26 | Medium | CVE-2018-1213 | DELL | Emc isilon onefs | Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. |
| 2018-03-25 | Medium | CVE-2018-8817 | Wampserver | Wampserver | Wampserver before 3.1.3 has CSRF in add_vhost.php. |
| | Medium | CVE-2018-8979 | Open-audit | Open-audit | Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. |
| 2018-03-23 | Medium | CVE-2018-1000137 | I-librarian | I librarian | I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. |
| 2018-03-22 | Medium | CVE-2018-7524 | Geutebrueck | G-cam/efd-22... | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. |

Copyright 2018, cxsecurity.com

 
