Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-11671
An issue exists in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
Njtech Greencms 2.3.0603
1 EDB exploit
8.8
CVSSv3
CVE-2017-6086
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote malicious users to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmi...
Vimbadmin Vimbadmin 3.0.15
1 EDB exploit
8.8
CVSSv3
CVE-2018-19135
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an malicious user to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by de...
Clippercms Clippercms 1.3.3
1 EDB exploit
NA
CVE-2014-0621
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote malicious users to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) dis...
Technicolor Tc7200 Firmware Std6.01.12
Technicolor Tc7200 -
1 EDB exploit
8.8
CVSSv3
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
NA
CVE-2012-6493
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console prior to 5.5.4 allows remote malicious users to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Rapid7 Nexpose
Rapid7 Nexpose 5.5.1
Rapid7 Nexpose 5.4.12
Rapid7 Nexpose 5.4.11
Rapid7 Nexpose 5.4.10
Rapid7 Nexpose 5.4.5
Rapid7 Nexpose 5.4.4
Rapid7 Nexpose 5.4.3
Rapid7 Nexpose 5.4.2
Rapid7 Nexpose 5.4.9
Rapid7 Nexpose 5.4.7
Rapid7 Nexpose 5.4
Rapid7 Nexpose 5.4.8
Rapid7 Nexpose 5.4.6
Rapid7 Nexpose 5.4.1
1 EDB exploit
8.8
CVSSv3
CVE-2017-5264
Versions of Nexpose before 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Rapid7 Nexpose
1 EDB exploit
8.8
CVSSv3
CVE-2017-1000499
phpMyAdmin versions 4.7.x (before 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Phpmyadmin Phpmyadmin
1 EDB exploit
1 Github repository
7.5
CVSSv3
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Subsonic Subsonic 6.1.1
1 EDB exploit
NA
CVE-2014-2399
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote malicious users to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400...
Oracle Fusion Middleware 2.2.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »