Total: 7170 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2017-17056 | Zkteco | Zktime Web | 2024-11-21 | N/A | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software.
CVE-2017-16886 | Fiberhome | Lm53q1, Lm53q1 Firmware | 2024-11-21 | N/A | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized access to these web services via CSRF can result in an unauthorized change of the username or password of the administrator of the portal.
CVE-2017-16862 | Atlassian | Jira | 2024-11-21 | N/A | The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-16780 | Mybb | Mybb | 2024-11-21 | N/A | The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16756 | Userscape | Helpspot | 2024-11-21 | N/A | An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
CVE-2017-16570 | Keystonejs | Keystone | 2024-11-21 | N/A | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
CVE-2017-16565 | Grandstream | Ht802, Ht802 Firmware | 2024-11-21 | N/A | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
CVE-2017-16563 | Grandstream | Ht802, Ht802 Firmware | 2024-11-21 | N/A | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
CVE-2017-16244 | Octobercms | October | 2024-11-21 | N/A | Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVE-2017-15808 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15735 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2017-15734 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15733 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
CVE-2017-15732 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2017-15731 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-15730 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15729 | Phpmyfaq | Phpmyfaq | 2024-11-21 | N/A | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVE-2017-15645 | Webmin | Webmin | 2024-11-21 | N/A | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands.
CVE-2017-15608 | Inedo | Proget | 2024-11-21 | N/A | Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVE-2017-15516 | Netapp | Snapcenter Server | 2024-11-21 | N/A | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.