Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-6607
M/Monit 3.3.2 and previous versions does not verify the original password before changing passwords, which allows remote malicious users to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-640...
Mmonit M/monit
1 EDB exploit
NA
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box prior to 4.0.0 (r19171) allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
Boxautomation C2box
1 EDB exploit
NA
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Mmonit M/monit
1 EDB exploit
NA
CVE-2014-2579
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Xcloner Xcloner
1 EDB exploit
8.8
CVSSv3
CVE-2018-5720
An issue exists on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote malicious users to hijack the authentication of users for requests that modify all the settings. This vulne...
Dodocool Dc38 Firmware Rtn2-aw.gd.r3465.1.20161103
1 EDB exploit
8.8
CVSSv3
CVE-2018-6023
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
Fastweb Fastgate Firmware 0.00.47
1 EDB exploit
8.8
CVSSv3
CVE-2017-5264
Versions of Nexpose before 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Rapid7 Nexpose
1 EDB exploit
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.4.1
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.3
1 EDB exploit
8.8
CVSSv3
CVE-2019-14346
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
Schben Adive 2.0.7
1 EDB exploit
8.8
CVSSv3
CVE-2018-7746
An issue exists in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
Cobub Razor 0.7.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »