Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-7278 Cross-Site Request Forgery (CSRF) vulnerability in Ampedwireless R10000 Firmware 2.5.2.11
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
ampedwireless CWE-352
8.8
2015-12-31 CVE-2015-5996 Cross-Site Request Forgery (CSRF) vulnerability in Mediabridge Medialink Mwn-Wapr300N Firmware 5.07.50
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
mediabridge CWE-352
8.8
2015-12-31 CVE-2015-2912 Cross-Site Request Forgery (CSRF) vulnerability in Orientdb 2.0.14/2.1.0
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
network
low complexity
orientdb CWE-352
8.8
2015-12-23 CVE-2015-7925 Cross-Site Request Forgery (CSRF) vulnerability in Ewon Firmware 10.0S0
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.
network
low complexity
ewon CWE-352
8.0
2015-12-23 CVE-2015-7936 Cross-Site Request Forgery (CSRF) vulnerability in Motorola Moscad IP Gateway Firmware
Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.
network
low complexity
motorola CWE-352
7.5
2015-04-18 CVE-2015-0970 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
searchblox CWE-352
8.8
2015-01-13 CVE-2014-100005 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-600 Firmware 2.16Ww
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.
network
low complexity
dlink CWE-352
8.8
2009-10-22 CVE-2009-3759 Cross-Site Request Forgery (CSRF) vulnerability in Citrix Xencenterweb
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php.
network
low complexity
citrix CWE-352
8.8
2009-10-01 CVE-2009-3520 Cross-Site Request Forgery (CSRF) vulnerability in Cmsphp Project Cmsphp 0.21
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.
network
low complexity
cmsphp-project CWE-352
8.8
2009-08-31 CVE-2009-3022 Cross-Site Request Forgery (CSRF) vulnerability in Itd-Inc Bingo!Cms 1.0/1.1/1.2
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.
network
low complexity
itd-inc CWE-352
6.5