Search Results (9425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5473 1 Ntop 1 Ntopng 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
CVE-2014-3709 1 Keycloak 1 Keycloak 2025-04-20 N/A
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
CVE-2014-9136 1 Huawei 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more 2025-04-20 N/A
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
CVE-2014-9137 1 Huawei 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more 2025-04-20 N/A
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
CVE-2015-2142 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.
CVE-2015-2143 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.
CVE-2015-2878 1 Watchguard 1 Hawkeye G 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
CVE-2015-4619 1 Denkgroot 1 Spina 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
CVE-2015-4639 1 Koha 1 Koha 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVE-2015-4697 1 Sumo 1 Google Analyticator 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.
CVE-2015-5395 2 Alinto, Debian 2 Sogo, Debian Linux 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVE-2015-5607 2 Fedoraproject, Ipython 2 Fedora, Ipython 2025-04-20 N/A
Cross-site request forgery in the REST API in IPython 2 and 3.
CVE-2015-7293 2 Plone, Zope 2 Plone, Zope Management Interface 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
CVE-2015-8255 1 Axis 1 Axis Communications Firmware 2025-04-20 N/A
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
CVE-2015-8814 1 Umbraco 1 Umbraco 2025-04-20 N/A
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
CVE-2016-10701 1 Hitachivantara 1 Pentaho Business Analytics 2025-04-20 N/A
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.
CVE-2016-2965 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.
CVE-2016-3029 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more 2025-04-20 N/A
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2016-4907 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-3691 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.