Total
7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2157 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. | ||||
CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2016-1607 | 1 Novell | 1 Filr | 2024-11-21 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. | ||||
CVE-2016-1470 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | ||||
CVE-2016-1448 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. | ||||
CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | ||||
CVE-2016-1261 | 1 Juniper | 1 Junos | 2024-11-21 | N/A |
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | ||||
CVE-2016-1228 | 2 Ntt-east, Ntt-west | 12 Pr-400mi, Pr-400mi Firmware, Rt-400mi and 9 more | 2024-11-21 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users. | ||||
CVE-2016-1201 | 1 Lockon | 1 Ec-cube | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2016-1175 | 1 Sharp | 2 Aquos Hn-pp150, Aquos Hn-pp150 Firmware | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | ||||
CVE-2016-1174 | 1 Hiniarata | 1 Casebook Plugin | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2016-1172 | 1 Hiniarata | 1 Casebook Plugin | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2016-1170 | 1 Hiniarata | 1 Casebook Plugin | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2016-1168 | 1 Aterm | 2 Wf800hp, Wf800hp Firmware | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | ||||
CVE-2016-1167 | 1 Aterm | 2 Wg300hp, Wg300hp Firmware | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | ||||
CVE-2016-1161 | 1 Zohocorp | 1 Password Manager Pro | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | ||||
CVE-2016-1158 | 1 Corega | 4 Cg-wlbargmh, Cg-wlbargmh Firmware, Cg-wlbargnl and 1 more | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. | ||||
CVE-2016-1151 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | ||||
CVE-2016-1139 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2016-1134 | 1 Buffalotech | 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users. |