Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-13 | CVE-2016-0863 | Cross-Site Request Forgery (CSRF) vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0 Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
2016-02-10 | CVE-2016-0948 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Connect Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
2016-02-10 | CVE-2015-7678 | Cross-Site Request Forgery (CSRF) vulnerability in Ipswitch Moveit Mobile 1.2.0.962 Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
2016-02-03 | CVE-2015-7537 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | 8.8 |
2016-02-01 | CVE-2016-2199 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 8.8 |
2016-01-30 | CVE-2016-1139 | Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 7.5 |
2016-01-26 | CVE-2015-8379 | Cross-Site Request Forgery (CSRF) vulnerability in Cakephp CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. | 8.8 |
2016-01-22 | CVE-2016-1134 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
2016-01-15 | CVE-2015-5007 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
2016-01-15 | CVE-2015-3946 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |