Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-01-18 CVE-2016-3406 Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
network
low complexity
synacor CWE-352
8.8
8.8
2017-01-18 CVE-2016-6897 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
network
low complexity
wordpress CWE-352
6.5
6.5
2017-01-18 CVE-2016-7980 Cross-Site Request Forgery (CSRF) vulnerability in Spip
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.
network
low complexity
spip CWE-352
8.8
8.8
2017-01-16 CVE-2016-7904 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
network
low complexity
cmsmadesimple CWE-352
8.0
8.0
2017-01-15 CVE-2017-5492 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
network
low complexity
wordpress CWE-352
8.8
8.8
2017-01-15 CVE-2017-5489 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
network
low complexity
wordpress CWE-352
8.8
8.8
2017-01-14 CVE-2016-8201 Cross-Site Request Forgery (CSRF) vulnerability in Brocade Virtual Traffic Manager 11.0
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
network
low complexity
brocade CWE-352
8.0
8.0
2017-01-14 CVE-2017-5476 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
network
low complexity
s9y CWE-352
8.8
8.8
2017-01-14 CVE-2017-5475 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
network
low complexity
s9y CWE-352
8.8
8.8
2017-01-14 CVE-2017-5473 Cross-Site Request Forgery (CSRF) vulnerability in Ntop Ntopng
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
network
low complexity
ntop CWE-352
8.8
8.8