Export limit exceeded: 10441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10028 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10028 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5145 | 1 Carlosgavazzi | 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | ||||
| CVE-2017-5156 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2025-04-20 | 8.8 High |
| A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. | ||||
| CVE-2017-6086 | 1 Vimbadmin | 1 Vimbadmin | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | ||||
| CVE-2017-6081 | 1 Zammad | 1 Zammad | 2025-04-20 | N/A |
| A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | ||||
| CVE-2017-5165 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2025-04-20 | N/A |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | ||||
| CVE-2017-6080 | 1 Zammad | 1 Zammad | 2025-04-20 | N/A |
| An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. | ||||
| CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | ||||
| CVE-2017-5169 | 1 Hanwha-security | 1 Smart Security Manager | 2025-04-20 | 7.5 High |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | ||||
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | ||||
| CVE-2017-6066 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | ||||
| CVE-2017-6042 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request. | ||||
| CVE-2017-6038 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request. | ||||
| CVE-2017-6032 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2025-04-20 | N/A |
| A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | ||||
| CVE-2017-6002 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | ||||
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | ||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | N/A |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | ||||
| CVE-2017-5891 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2025-04-20 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | ||||
| CVE-2017-5874 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2025-04-20 | N/A |
| CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | ||||
| CVE-2017-5244 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | N/A |
| Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks. | ||||
| CVE-2016-3734 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read. | ||||