Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-27 | CVE-2017-11679 | **Cross-Site Request Forgery (CSRF) vulnerability in Hashtopus Project Hashtopus 1.5G** Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | 8.8 |
2017-07-25 | CVE-2017-9413 | **Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1** Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | 8.8 |
2017-07-22 | CVE-2017-2273 | **Cross-Site Request Forgery (CSRF) vulnerability in Buffalo Wmr-433 Firmware and Wmr-433W Firmware** Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2017-07-21 | CVE-2017-9415 | **Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1** Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | 7.5 |
2017-07-21 | CVE-2015-4639 | **Cross-Site Request Forgery (CSRF) vulnerability in Koha** Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. | 8.8 |
2017-07-21 | CVE-2017-9930 | **Cross-Site Request Forgery (CSRF) vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb** Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | 8.8 |
2017-07-19 | CVE-2017-1218 | **Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform** IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-07-19 | CVE-2016-7507 | **Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi 0.90.4** Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | 8.0 |
2017-07-18 | CVE-2017-10961 | **Cross-Site Request Forgery (CSRF) vulnerability in Vanderbilt Redcap** REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | 8.8 |
2017-07-17 | CVE-2017-9810 | **Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297** There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). | 8.8 |