CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Linksys E Series CSRF / XSS / Denial Of Service / Header Injection | 18.10.2017 | SEC Consult |
| Low | AlienVault USM 5.4.2 Cross Site Request Forgery | 15.10.2017 | Julien |
| Med. | Metasploit < 4.14.1-20170828 Cross-Site Request Forgery | 09.10.2017 | Dhiraj Mishra |
| Med. | WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting | 28.09.2017 | Tom Adams |
| Low | ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery | 19.09.2017 | Arvind Vishwakarma |
| Med. | DigiAffiliate 1.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digileave 1.2 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| Med. | Digirez 3.4 Cross-Site Request Forgery (Update Admin) | 18.09.2017 | Ihsan Sencan |
| High | WiseGiga NAS CSRF / LFI / Command Execution | 12.09.2017 | Pierre Kim |
| Low | jRank - Topsites Script 1.0 - Cross-Site Request Forgery | 11.09.2017 | Ihsan Sencan |
| Med. | EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure | 10.09.2017 | James Hemmings |
| Low | Pay Banner Text Link Ad 1.0.6.1 Cross-Site Request Forgery (Update Admin) | 06.09.2017 | Ihsan Sencan |
| High | Mongoose Web Server 6.5 Cross-Site Request Forgery / Remote Code Execution | 05.09.2017 | hyp3rlinx |
| Low | Invoice Manager 3.1 Cross-Site Request Forgery (Add Admin) | 31.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting | 30.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Matrimony 2.7 Cross Site Request Forgery | 30.08.2017 | Ali BawazeEer |
| Med. | NethServer 7.3.1611 CSRF Create User / Enable SSH Access | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | NethServer 7.3.1611 Upload.json CSRF Script Insertion | 29.08.2017 | Gjoko 'LiquidWorm' Krs... |
| Low | Pluck CMS 4.7.4 Cross Site Request Forgery | 15.08.2017 | Ashiyane Digital Secur... |
| Low | RealTime RWR-3G-100 Router Cross-Site Request Forgery | 13.08.2017 | Touhid M.Shaikh |
| Low | Friends in War Make or Break 1.7 Cross-Site Request Forgery | 28.07.2017 | shinnai |
| Med. | Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery | 14.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access | 11.07.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution | 29.06.2017 | CORE |
| Med. | Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities | 29.06.2017 | CORE |
| Low | D-Link DIR-100 Brute Force / Cross Site Request Forgery | 26.06.2017 | MustLive |
| Low | WonderCMS 2.1.0 Cross-Site Request Forgery | 22.06.2017 | Zerox Security Lab |
| Med. | SimpleCE 2.3.0 Cross Site Request Forgery / Cross Site Scripting | 15.06.2017 | 8bitsec |
| Med. | Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion | 06.06.2017 | X41 |
| Med. | Subsonic 6.1.1 Password Reset Cross Site Request Forgery | 06.06.2017 | hyp3rlinx |
| Low | Apache Archiva 2.2.1 Cross Site Request Forgery | 23.05.2017 | Martin S |
| Med. | Wordpress plugins wp-mailinglist upload File Vulnerability \| CSRF | 22.05.2017 | sohaip-hackerDZ |
| Med. | WordPress EELV Newsletter 4.5 XSS / CSRF | 17.05.2017 | Vulnerability Lab |
| Med. | Admidio 3.2.8 Cross Site Request Forgery | 16.05.2017 | Faiz Ahmed Zaidi |
| Low | MailCow 0.14 Cross Site Request Forgery | 15.05.2017 | hyp3rlinx |
| Med. | TYCHE STUDIO CMS Shell Upload Vulnerability CSRF | 12.05.2017 | Berandal \| OWL SQUAD |
| Low | objectif8 CSRF VULNERABILITY | 12.05.2017 | Mohammad Babaee |
| Med. | ASUS Routers CSRF / Information Disclosure | 11.05.2017 | Yakov Shafranovich |
| Low | Gongwalker API Manager 1.1 Cross Site Request Forgery | 11.05.2017 | HaHwul |
| Low | WordPress Clean Login Cross Site Request Forgery | 10.05.2017 | Zhiyang Zeng |
| Low | ViMbAdmin 3.0.15 Cross Site Request Forgery | 06.05.2017 | Florian NIVETTE |
| Med. | concrete5 8.1.0 Thumbnail Editor CSRF / DoS | 04.05.2017 | Insecurity |
| Med. | Wordpress Theme Sehf File Upload Vulnerability \| CSRF | 04.05.2017 | Berandal |
| Med. | Wordpress Theme Ebs File Upload Vulnerability \| CSRF | 03.05.2017 | Berandal \| OWL SQUAD |
| Med. | Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection | 28.04.2017 | David Tomaschik |
| Med. | Revive Ad Server 4.0.1 Cross Site Request Forgery / Cross Site Scripting | 27.04.2017 | Cyril Vallicari |
| Low | WordPress Connection Information Cross Site Request Forgery | 21.04.2017 | Yorick Koster |
| Low | Agorum Core Pro 7.8.1.4-251 Cross Site Request Forgery | 14.04.2017 | Multpile |
| Low | s9y Serendipity Cross Site Request Forgery | 12.04.2017 | Zhiyang Zeng |
| Med. | HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution | 07.04.2017 | rungga_reksya |
| Med. | D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery | 04.04.2017 | Pratik S. Shah |
| Med. | inoERP 0.6.1 CSRF / XSS / SQL Injection | 28.03.2017 | foxmole |
| High | Solar-Log CSRF / Information Disclosure / DoS / File Upload | 22.03.2017 | T. Weber |
| Low | AXIS Cross Site Request Forgery / Cross Site Scripting | 18.03.2017 | David Wearing |
| Low | AXIS Communications Cross Site Request Forgery | 18.03.2017 | orwelllabs |
| Low | WatchGuard XTMv 11.12 Build 516911 Cross Site Request Forgery | 12.03.2017 | Matt Bergin |
| Med. | FTP Voyager Scheduler 16.2.0 CSRF / Denial Of Service | 11.03.2017 | hyp3rlinx |
| Med. | Wordpress Themes Synoptic Shell Upload Vulnerability \| CSRF | 11.03.2017 | Berandal \| OWL SQUAD |
| Med. | Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection | 10.03.2017 | W. Schober |
| Low | Western Digital My Cloud Cross Site Request Forgery | 08.03.2017 | Remco Vermeulen |
| Med. | WordPress 4.5.3 Press This Function CSRF / Denial Of Service | 07.03.2017 | Sipke Mellema |
| Med. | Deluge 1.3.13 Cross Site Request Forgery / Code Execution | 07.03.2017 | Kyle Neideck |
| Med. | pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting | 04.03.2017 | Yann CAM @ASafety |
| Low | WordPress Contact Form Manager CSRF / XSS | 03.03.2017 | Edwin Molenaar |
| Low | WordPress Atahualpa Theme Cross Site Request Forgery | 03.03.2017 | Spyros Gasteratos |
| Low | WordPress File Manager 3.0.1 Cross Site Request Forgery | 03.03.2017 | David Vaartjes |
| Low | WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery | 03.03.2017 | Yorick Koster |
| Low | WordPress Popup By Supsystic 1.7.6 Cross Site Request Forgery | 03.03.2017 | Radjnies Bhansingh |
| High | WordPress Download Manager 2.8.99 Cross Site Request Forgery | 03.03.2017 | Burak Kelebek |
| Low | WordPress Gwolle Guestbook 1.7.4 Cross Site Request Forgery | 03.03.2017 | Spyros Gasteratos |
| Low | DIGISOL DG-HR1400 Cross Site Request Forgery | 24.02.2017 | Indrajith A.N |
| Low | Elefant CMS 1.3.12-RC Cross Site Request Forgery | 19.02.2017 | Tim Coen |
| Med. | SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit | 12.02.2017 | Gjoko 'LiquidWorm' Krs... |
| Med. | Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation | 03.02.2017 | foxmole |
| Med. | Ubiquiti Networks Cross Site Scripting / Cross Site Request Forgery | 31.01.2017 | T. Weber |
| Low | WordPress FormBuilder 1.05 Cross Site Request Forgery | 30.01.2017 | Burak Kelebek |
| Low | Zimbra Cross Site Request Forgery | 14.01.2017 | Sysdream |
| Med. | Huawei Flybox B660 Cross Site Request Forgery | 12.01.2017 | Vulnerability Lab |
| Low | FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery | 11.01.2017 | Ihsan Sencan |
| Med. | Dell SonicWALL Secure Mobile Access SMA 8.1 CSRF / XSS | 31.12.2016 | Gjoko 'LiquidWorm' Krs... |
| Low | WordPress Copy-Me 1.0.0 Cross Site Request Forgery | 23.12.2016 | Tom Adams |
| Low | WordPress Quiz And Survey Master 4.7.8 / 4.5.4 XSS / CSRF | 17.12.2016 | Tom Adams |
| Low | WordPress Multisite Post Duplicator 0.9.5.1 Cross Site Request Forgery | 12.12.2016 | Tom Adams |
| Med. | e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting | 02.12.2016 | foxmole |
| Med. | Xfinity Gateway Cross Site Request Forgery | 02.12.2016 | Pabstersac |
| Low | WordPress Insert Html Snippet 1.2 Cross Site Request Forgery | 30.11.2016 | Yorick Koster |
| Low | Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal | 29.11.2016 | TaurusOmar |
| High | EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution | 23.11.2016 | hyp3rlinx |
| Med. | Siemens SIMATIC Cookie Settings / Cross Site Request Forgery | 23.11.2016 | Andrea Barisani |
| Med. | WordPress Instagram Feed 1.4.6.2 Cross Site Scripting / Cross Site Request Forgery | 22.11.2016 | Sipke Mellema |
| Med. | WordPress MailChimp 4.0.7 Cross Site Request Forgery / Cross Site Scripting | 22.11.2016 | Persian Hack Team |
| Med. | Joomla K2 2.7.1 Shell Upload / Cross Site Request Forgery | 22.11.2016 | Anti RA$?is |
| Low | WordPress Easy Facebook Like Box 4.3.0 CSRF / XSS | 22.11.2016 | Persian Hack Team |
| Med. | MyLittleForum 2.3.6.1 Cross Site Request Forgery | 19.11.2016 | Tim Coen |
| Med. | Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling | 19.11.2016 | Tim Coen |
| Med. | FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting | 19.11.2016 | Tim Coen |
| Low | ATutor 2.2.2 Cross Site Request Forgery | 15.11.2016 | Saravana Kumar |
| Low | WordPress Google Maps 6.3.14 Cross Site Request Forgery | 12.11.2016 | Sipke Mellema |
| Med. | NodCMS Cross Site Request Forgery | 09.11.2016 | Ashiyane Digital Secur... |


CVEMAP Search Results

2015-02-23

CVE-2015-2048 (Medium)
Vendor: D-link
Software: Dcs-931l fir...
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

2015-02-13

CVE-2014-0151 (Medium)
Vendor: Ovirt
Software: Ovirt
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.

2015-02-11

CVE-2015-1580 (Medium)
Vendor: Redirection project
Software: Redirection
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.

CVE-2015-1581 (Medium)
Vendor: Mobile domain project
Software: Mobile domain
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php.

2015-02-04

CVE-2014-9331 (Medium)
Vendor: Zohocorp
Software: Manageengine...
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.

CVE-2014-9041 (Medium)
Vendor: Owncloud
Software: Owncloud
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allows remote attackers to conduct CSRF attacks.

2015-02-01

CVE-2014-7270 (Medium)
Vendor: ASUS
Software: Rt-ac56s
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.

2015-01-27

CVE-2015-1374 (Medium)
Vendor: Ferretcms project
Software: Ferretcms
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.

2015-01-15

CVE-2014-7957 (Medium)
Vendor: Pods foundation
Software: PODS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php.

CVE-2014-9587 (Medium)
Vendor: Roundcube
Software: Webmail
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

 


Copyright 2017, cxsecurity.com