Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-1170 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2/0.9.3 Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-04-05 | CVE-2016-1175 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Aquos Hn-Pp150 Firmware 1.02.00.04/1.03.01.04 Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | 4.3 |
| 2016-04-01 | CVE-2016-1168 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wf800Hp Firmware 1.0.17 Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-04-01 | CVE-2016-1167 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg300Hp Firmware 1.0.8 Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-03-18 | CVE-2015-8152 | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1 Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | 8.0 |
| 2016-03-12 | CVE-2015-7446 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Flashsystem V9000 Firmware 7.4/7.5/7.6 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-03-03 | CVE-2016-1158 | Cross-Site Request Forgery (CSRF) vulnerability in Corega Cg-Wlbargmh Firmware and Cg-Wlbargnl Firmware Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. | 8.8 |
| 2016-02-25 | CVE-2015-5351 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | 8.8 |
| 2016-02-22 | CVE-2015-5338 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php. | 8.8 |
| 2016-02-17 | CVE-2016-1151 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Office Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | 8.8 |