Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-25 | CVE-2015-5351 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | 8.8 |
| 2016-02-22 | CVE-2015-5338 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php. | 8.8 |
| 2016-02-17 | CVE-2016-1151 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Office Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-02-15 | CVE-2015-5050 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-02-13 | CVE-2016-0863 | Cross-Site Request Forgery (CSRF) vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0 Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-02-10 | CVE-2016-0948 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Connect Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2016-02-10 | CVE-2015-7678 | Cross-Site Request Forgery (CSRF) vulnerability in Ipswitch Moveit Mobile 1.2.0.962 Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2016-02-03 | CVE-2015-7537 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | 8.8 |
| 2016-02-01 | CVE-2016-2199 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 8.8 |
| 2016-01-30 | CVE-2016-1139 | Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 7.5 |