Total
8685 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16563 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | ||||
| CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | ||||
| CVE-2017-15808 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | ||||
| CVE-2017-15733 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | ||||
| CVE-2017-15732 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | ||||
| CVE-2017-15731 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | ||||
| CVE-2017-15730 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | ||||
| CVE-2017-15729 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | ||||
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | ||||
| CVE-2017-15645 | 1 Webmin | 1 Webmin | 2025-04-20 | N/A |
| CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | ||||
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | ||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | N/A |
| The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. | ||||
| CVE-2017-15084 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | N/A |
| The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | ||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2025-04-20 | N/A |
| There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | ||||
| CVE-2017-14925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. | ||||
| CVE-2017-14530 | 1 Crony Cronjob Manager Project | 1 Crony Cronjob Manager | 2025-04-20 | 8.0 High |
| WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | ||||
| CVE-2017-1442 | 1 Ibm | 1 Emptoris Services Procurement | 2025-04-20 | N/A |
| IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | ||||
| CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2025-04-20 | N/A |
| Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | ||||
| CVE-2017-14048 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. | ||||
| CVE-2017-14011 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device. | ||||