Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2017-13129
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit
8.8
CVSSv3
CVE-2017-16244
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an malicious user to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF hea...
Octobercms October 1.0.426
1 EDB exploit
NA
CVE-2012-6434
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)...
E107 E107 1.0.2
1 EDB exploit
8.8
CVSSv3
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
74cms 74cms 5.0.1
1 EDB exploit
8.8
CVSSv3
CVE-2019-11416
A CSRF issue exists on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
Intelbras Iwr 3000n Firmware 1.5.0
1 EDB exploit
8.8
CVSSv3
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration prior to 8.6.0 Patch 8 allow remote malicious users to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging f...
Synacor Zimbra Collaboration Suite
NA
CVE-2024-25344
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe malicious user to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrati...
NA
CVE-2013-4889
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripti...
Springsignage Xibo 1.4.2
1 EDB exploit
NA
CVE-2014-2989
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote malicious users to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.
Open Assessment Technologies Tao 2.5.6
1 EDB exploit
NA
CVE-2011-1026
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 up to and including 1.2.2, and 1.3.x prior to 1.3.5, allow remote malicious users to hijack the authentication of administrators.
Apache Archiva 1.1
Apache Archiva 1.1.1
Apache Archiva 1.2-m1
Apache Archiva 1.3
Apache Archiva 1.1.2
Apache Archiva 1.1.3
Apache Archiva 1.2.1
Apache Archiva 1.2.2
Apache Archiva 1.1.4
Apache Archiva 1.2
Apache Archiva 1.0
Apache Archiva 1.0.1
Apache Archiva 1.3.4
Apache Archiva 1.0.2
Apache Archiva 1.0.3
Apache Archiva 1.3.1
Apache Archiva 1.3.2
Apache Archiva 1.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »