Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-03-13 CVE-2017-6080 Cross-Site Request Forgery (CSRF) vulnerability in Zammad
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers.
network
low complexity
zammad CWE-352
critical
9.8
2017-03-12 CVE-2017-6819 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources.
network
low complexity
wordpress CWE-352
6.5
2017-03-07 CVE-2016-9730 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2017-03-06 CVE-2017-6411 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dsl-2730U Firmware In1.00
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
network
low complexity
dlink CWE-352
8.8
2017-03-06 CVE-2017-5633 Cross-Site Request Forgery (CSRF) vulnerability in D-Link Di-524 Firmware 9.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.
network
low complexity
d-link CWE-352
8.0
2017-03-03 CVE-2015-8814 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
network
low complexity
umbraco CWE-352
8.8
2017-03-03 CVE-2016-10206 Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
network
low complexity
zoneminder CWE-352
8.8
2017-02-27 CVE-2017-2682 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
network
low complexity
siemens CWE-352
8.8
2017-02-24 CVE-2016-9975 Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-21 CVE-2017-6127 Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.
network
low complexity
digisol CWE-352
8.8