Cross-Site Request Forgery (CSRF) Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-06-08 | CVE-2017-9519 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | atmail | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-08 | CVE-2017-9518 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | atmail | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-08 | CVE-2017-9517 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | atmail | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-05 | CVE-2017-9444 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS | BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI. | bigtreecms | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-05 | CVE-2017-8836 | Cross-Site Request Forgery (CSRF) vulnerability in Peplink products | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | peplink | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-04 | CVE-2016-8229 | Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | lenovo | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-02 | CVE-2017-9379 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | bigtreecms | CWE-352 | 8.8 (network, low complexity) |
| 2017-06-02 | CVE-2017-9365 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. | bigtreecms | CWE-352 | 8.8 (network, low complexity) |
| 2017-05-29 | CVE-2017-7917 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | moxa | CWE-352 | 8.8 (network, low complexity) |
| 2017-05-26 | CVE-2017-9033 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Serverprotect 3.0 | Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | trendmicro | CWE-352 | 8.8 (network, low complexity) |