Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-10 | CVE-2016-4494 | Cross-Site Request Forgery (CSRF) vulnerability in KMC Controls Bac-5051E Firmware Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. | 8.8 |
| 2016-05-31 | CVE-2016-4506 | Cross-Site Request Forgery (CSRF) vulnerability in Resourcedm Intuitive 650 TDB Controller 2.1 Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. | 8.0 |
| 2016-05-31 | CVE-2016-2285 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-05-22 | CVE-2016-2157 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. | 8.8 |
| 2016-04-30 | CVE-2016-1201 | Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-20 | CVE-2016-0891 | Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-08 | CVE-2015-6541 | Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Server Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | 8.8 |
| 2016-04-06 | CVE-2016-1174 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2 Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-06 | CVE-2016-1172 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2 Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-06 | CVE-2016-1170 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2/0.9.3 Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | 8.8 |