Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2016-01-22 CVE-2016-1134 Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
buffalotech CWE-352
8.8
2016-01-15 CVE-2015-5007 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-01-15 CVE-2015-3946 Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
advantech CWE-352
8.8
2016-01-10 CVE-2015-7465 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service 6.0
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-01-05 CVE-2015-5445 Cross-Site Request Forgery (CSRF) vulnerability in HP Storeonce Backup System Software 3.13.0
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
hp CWE-352
8.8
2016-01-03 CVE-2015-5037 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
5.4
2016-01-02 CVE-2015-7407 Cross-Site Request Forgery (CSRF) vulnerability in IBM Mashups Center 3.0.0.1
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2015-12-31 CVE-2015-5990 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
zyxel CWE-352
8.8
2015-12-31 CVE-2015-7284 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N and Nbg-418N Firmware
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
zyxel CWE-352
8.0
2015-12-31 CVE-2015-7281 Cross-Site Request Forgery (CSRF) vulnerability in Readynet Solutions Wrt300N-Dd Firmware 1.0.26
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
readynet-solutions CWE-352
8.8