Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10885 | 1 Benjaminrojas | 1 Wp Editor | 2024-11-21 | N/A |
| The wp-editor plugin before 1.2.6 for WordPress has CSRF. | ||||
| CVE-2016-10884 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 8.8 High |
| The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | ||||
| CVE-2016-10883 | 1 Mijnpress | 1 Simple Add Pages Or Posts | 2024-11-21 | N/A |
| The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. | ||||
| CVE-2016-10882 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2024-11-21 | N/A |
| The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. | ||||
| CVE-2016-10876 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | N/A |
| The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | ||||
| CVE-2016-10874 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 8.8 High |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | ||||
| CVE-2016-10865 | 1 23systems | 1 Lightbox Plus Colorbox | 2024-11-21 | N/A |
| The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. | ||||
| CVE-2016-10863 | 1 Edimax | 4 7237rpd, 7237rpd Firmware, Ew-7438rpn Mini and 1 more | 2024-11-21 | N/A |
| Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. | ||||
| CVE-2016-10862 | 1 Neetcables | 2 Airstream Nas, Airstream Nas Firmware | 2024-11-21 | N/A |
| Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | ||||
| CVE-2016-10861 | 1 Neetcables | 2 Airstream, Airstream Nas Firmware | 2024-11-21 | N/A |
| Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. | ||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 8.8 High |
| edx-platform before 2016-06-06 allows CSRF. | ||||
| CVE-2016-10757 | 1 Readaxo | 1 Readaxo | 2024-11-21 | N/A |
| In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. | ||||
| CVE-2016-10756 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | N/A |
| Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. | ||||
| CVE-2016-10738 | 1 Castlamp | 1 Zenbership | 2024-11-21 | N/A |
| Zenbership v107 has CSRF via admin/cp-functions/event-add.php. | ||||
| CVE-2016-10701 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2024-11-21 | N/A |
| In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | ||||
| CVE-2016-10529 | 1 Droppy Project | 1 Droppy | 2024-11-21 | N/A |
| Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others. | ||||
| CVE-2016-10522 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | N/A |
| rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. | ||||
| CVE-2016-10313 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2024-11-21 | N/A |
| Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. | ||||
| CVE-2016-10206 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | ||||
| CVE-2016-1000218 | 1 Elastic | 1 Kibana Reporting | 2024-11-21 | N/A |
| Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | ||||