Export limit exceeded: 357830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9323 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12881 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | ||||
| CVE-2017-12970 | 1 Apache2triad | 1 Apache2triad | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. | ||||
| CVE-2017-1300 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | N/A |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162. | ||||
| CVE-2017-14011 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device. | ||||
| CVE-2017-14048 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. | ||||
| CVE-2017-14092 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | N/A |
| The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | ||||
| CVE-2017-14683 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 8.8 High |
| geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | ||||
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | ||||
| CVE-2017-15645 | 1 Webmin | 1 Webmin | 2025-04-20 | N/A |
| CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | ||||
| CVE-2017-16244 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. | ||||
| CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | ||||
| CVE-2017-17056 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | N/A |
| The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2017-17827 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | ||||
| CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. | ||||
| CVE-2017-17894 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2025-04-20 | N/A |
| Readymade Job Site Script has CSRF via the /job URI. | ||||
| CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2025-04-20 | N/A |
| FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | ||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | N/A |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||||
| CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2025-04-20 | N/A |
| PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | ||||
| CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | ||||