Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2016-02-13 CVE-2016-0863 Cross-Site Request Forgery (CSRF) vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0
Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
tollgrade CWE-352
8.8
2016-02-10 CVE-2016-0948 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Connect
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
adobe CWE-352
8.8
2016-02-10 CVE-2015-7678 Cross-Site Request Forgery (CSRF) vulnerability in Ipswitch Moveit Mobile 1.2.0.962
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
ipswitch CWE-352
8.8
2016-02-03 CVE-2015-7537 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
network
low complexity
redhat jenkins CWE-352
8.8
2016-02-01 CVE-2016-2199 Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
network
low complexity
mcafee CWE-352
8.8
2016-01-30 CVE-2016-1139 Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
high complexity
kddi CWE-352
7.5
2016-01-26 CVE-2015-8379 Cross-Site Request Forgery (CSRF) vulnerability in Cakephp
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
network
low complexity
cakephp CWE-352
8.8
2016-01-22 CVE-2016-1134 Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
buffalotech CWE-352
8.8
2016-01-15 CVE-2015-5007 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-01-15 CVE-2015-3946 Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
advantech CWE-352
8.8