Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-3223
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."...
5
CVSSv2
CVE-2008-3219
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection...
6.8
CVSSv2
CVE-2008-3222
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors....
6.8
CVSSv2
CVE-2008-3220
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."...
4.3
CVSSv2
CVE-2008-3221
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities....
6.8
CVSSv2
CVE-2009-0471
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request....
6.8
CVSSv2
CVE-2013-6826
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks....
1 EDB exploit available
6.8
CVSSv2
CVE-2012-3384
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors....
6.8
CVSSv2
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read....
4.3
CVSSv2
CVE-2007-4063
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
wireless
CVE-2020-28864
CVE-2018-16721
jingyun antivirus
CVE-2020-948444
CVE-2020-4006
inject
encryption
CVE-2020-7378
v-secure
CVE-2020-26240
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »
Vulmon