Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cross-site request forgery vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2017-5943
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL....
Bestpractical Request Tracker 4.0.9Bestpractical Request Tracker 4.0.10Bestpractical Request Tracker 4.0.11Bestpractical Request Tracker 4.0.12Bestpractical Request Tracker 4.2.0Bestpractical Request Tracker 4.2.1Bestpractical Request Tracker 4.2.2Bestpractical Request Tracker 4.2.3Bestpractical Request Tracker 4.2.4Bestpractical Request Tracker 4.0.6Bestpractical Request Tracker 4.0.8Bestpractical Request Tracker 4.0.13Bestpractical Request Tracker 4.0.15Bestpractical Request Tracker 4.0.22Bestpractical Request Tracker 4.0.24Bestpractical Request Tracker 4.2.6Bestpractical Request Tracker 4.2.8Bestpractical Request Tracker 4.2.13Bestpractical Request Tracker 4.4.0Bestpractical Request Tracker 4.0.0Bestpractical Request Tracker 4.0.1Bestpractical Request Tracker 4.0.2Bestpractical Request Tracker 4.0.3Bestpractical Request Tracker 4.0.4Bestpractical Request Tracker 4.0.17Bestpractical Request Tracker 4.0.18Bestpractical Request Tracker 4.0.19Bestpractical Request Tracker 4.0.20Bestpractical Request Tracker 4.2.9Bestpractical Request Tracker 4.2.10Bestpractical Request Tracker 4.2.11Bestpractical Request Tracker 4.2.12Bestpractical Request Tracker 4.0.5Bestpractical Request Tracker 4.0.7Bestpractical Request Tracker 4.0.14Bestpractical Request Tracker 4.0.16Bestpractical Request Tracker 4.0.21Bestpractical Request Tracker 4.0.23Bestpractical Request Tracker 4.2.5Bestpractical Request Tracker 4.2.7Bestpractical Request Tracker 4.4.1
4.3
CVSSv2
CVE-2022-34815
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs....
Jenkins Request Rename Or Delete
NA
CVE-2023-24434
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
Jenkins Github Pull Request Builder
6.8
CVSSv2
CVE-2011-1397
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...
Ibm Maximo Asset Management 6.2Ibm Maximo Asset Management 7.5Ibm Maximo Asset Management 7.1Ibm Maximo Asset Management Essentials 7.5Ibm Maximo Asset Management Essentials 6.2Ibm Maximo Asset Management Essentials 7.1Ibm Tivoli Asset Management For It 7.1Ibm Tivoli Asset Management For It 7.2Ibm Tivoli Asset Management For It 6.2Ibm Trivoli Service Request Manager 7.1Ibm Trivoli Service Request Manager 7.2Ibm Maximo Service Desk 6.2Ibm Tivoli Change And Configuration Management Database 6.2Ibm Tivoli Change And Configuration Management Database 7.1Ibm Tivoli Change And Configuration Management Database 7.2
6.8
CVSSv2
CVE-2012-0714
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB),...
Ibm Maximo Asset Management 7.5.0.0Ibm Smartcloud Control Desk 7.0Ibm Maximo Service Desk 6.2Ibm Change And Configuration Management Database 6.0Ibm Tivoli Asset Management For It 6.0Ibm Tivoli Service Request Manager 7.0Ibm Tivoli Asset Management For It 7.2Ibm Tivoli Asset Management For It 7.0Ibm Maximo Asset Management 6.2.0.0Ibm Tivoli Asset Management For It 6.2Ibm Tivoli Asset Management For It 7.1Ibm Change And Configuration Management Database 7.0Ibm Maximo Asset Management 7.1.0.0
4.3
CVSSv2
CVE-2014-4671
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file...
Adobe Flash Player 11.2.202.291Adobe Flash Player 11.2.202.285Adobe Flash Player 11.2.202.280Adobe Flash Player 11.2.202.275Adobe Flash Player 11.2.202.359Adobe Flash Player 11.2.202.356Adobe Flash Player 11.2.202.335Adobe Flash Player 11.2.202.310Adobe Flash Player 11.2.202.270Adobe Flash Player 11.2.202.261Adobe Flash Player 11.2.202.236Adobe Flash Player 11.2.202.233Adobe Flash Player 11.2.202.223Adobe Flash Player 11.2.202.350Adobe Flash Player 11.2.202.346Adobe Flash Player 11.2.202.341Adobe Flash Player 11.2.202.336Adobe Flash Player 11.2.202.258Adobe Flash Player 11.2.202.251Adobe Flash Player 11.2.202.243Adobe Flash Player 11.2.202.238Adobe Flash PlayerAdobe Flash Player 11.2.202.332Adobe Flash Player 11.2.202.297Adobe Flash Player 11.2.202.273Adobe Flash Player 11.2.202.262Adobe Flash Player 11.2.202.235Adobe Flash Player 11.2.202.228Adobe Adobe AirAdobe Adobe Air 13.0.0.83Adobe Adobe Air 13.0.0.111Adobe Adobe Air SdkAdobe Adobe Air Sdk 13.0.0.111Adobe Adobe Air Sdk 13.0.0.83Adobe Flash Player 13.0.0.201Adobe Flash Player 13.0.0.206Adobe Flash Player 13.0.0.214Adobe Flash Player 14.0.0.125Adobe Flash Player 13.0.0.182
6.8
CVSSv2
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload....
Wordpress Wordpress
6.8
CVSSv2
CVE-2016-4430
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors....
Apache Struts 2.3.28.1Apache Struts 2.3.20Apache Struts 2.3.20.3Apache Struts 2.3.20.1Apache Struts 2.3.28Apache Struts 2.3.24.3Apache Struts 2.3.24.1Apache Struts 2.3.24
2.1
CVSSv2
CVE-2020-10734
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable....
Redhat Keycloak -Redhat Jboss Fuse 7.0.0Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0
6.8
CVSSv2
CVE-2016-7123
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators....
Gnu Mailman
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
seacmsCVE-2023-28393remote code executionauthentication bypassopen redirectacymailingCVE-2023-43339CVE-2023-3664openstackpopup builderCVE-2023-21987CVE-2023-21991CVE-2023-3550
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook