Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-5720
An issue exists on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote malicious users to hijack the authentication of users for requests that modify all the settings. This vulne...
Dodocool Dc38 Firmware Rtn2-aw.gd.r3465.1.20161103
1 EDB exploit
8.8
CVSSv3
CVE-2018-6023
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
Fastweb Fastgate Firmware 0.00.47
1 EDB exploit
NA
CVE-2014-2579
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Xcloner Xcloner
1 EDB exploit
8.8
CVSSv3
CVE-2016-0891
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM prior to 3.7 allow remote malicious users to hijack the authentication of administrators.
Emc Vipr Srm
1 EDB exploit
NA
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box prior to 4.0.0 (r19171) allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
Boxautomation C2box
1 EDB exploit
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.3
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.1
1 EDB exploit
7.5
CVSSv3
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Subsonic Subsonic 6.1.1
1 EDB exploit
8.8
CVSSv3
CVE-2018-19135
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an malicious user to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by de...
Clippercms Clippercms 1.3.3
1 EDB exploit
8.8
CVSSv3
CVE-2018-14029
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an malicious user to take over a user account, as demonstrated by modifying the account's email field.
Creatiwity Witycms 0.6.2
1 EDB exploit
8.8
CVSSv3
CVE-2017-1000499
phpMyAdmin versions 4.7.x (before 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »