Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-01-14 CVE-2017-5475 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
network
low complexity
s9y CWE-352
8.8
2017-01-14 CVE-2017-5473 Cross-Site Request Forgery (CSRF) vulnerability in Ntop Ntopng
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
network
low complexity
ntop CWE-352
8.8
2017-01-11 CVE-2016-4808 Cross-Site Request Forgery (CSRF) vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
network
low complexity
web2py CWE-352
8.8
2017-01-10 CVE-2015-4593 Cross-Site Request Forgery (CSRF) vulnerability in Eclinicalworks Population Health
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.
network
low complexity
eclinicalworks CWE-352
8.8
2016-12-17 CVE-2016-7454 Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
low complexity
technicolor CWE-352
8.0
2016-12-15 CVE-2016-7885 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
network
low complexity
adobe CWE-352
8.8
2016-12-14 CVE-2016-6277 Cross-Site Request Forgery (CSRF) vulnerability in Netgear products
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
network
low complexity
netgear CWE-352
8.8
2016-12-14 CVE-2016-6468 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 11.5(1.10000.4)
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2016-12-11 CVE-2016-9866 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-352
critical
9.8
2016-11-30 CVE-2016-2884 Cross-Site Request Forgery (CSRF) vulnerability in IBM Forms Experience Builder
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.0