Export limit exceeded: 336640 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8798 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13129 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | ||||
| CVE-2017-14011 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device. | ||||
| CVE-2017-14048 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | N/A |
| BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. | ||||
| CVE-2017-14092 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | N/A |
| The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | ||||
| CVE-2017-15645 | 1 Webmin | 1 Webmin | 2025-04-20 | N/A |
| CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | ||||
| CVE-2017-15732 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | ||||
| CVE-2017-15729 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | ||||
| CVE-2017-15731 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | ||||
| CVE-2017-15733 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | ||||
| CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | ||||
| CVE-2017-15735 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | ||||
| CVE-2017-15808 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | ||||
| CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | ||||
| CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2025-04-20 | N/A |
| PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | ||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | N/A |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||||
| CVE-2017-16780 | 1 Mybb | 1 Mybb | 2025-04-20 | N/A |
| The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2017-17827 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | ||||
| CVE-2017-17830 | 1 Doditsolutions | 1 Bus Booking Script | 2025-04-20 | N/A |
| Bus Booking Script has CSRF via admin/new_master.php. | ||||
| CVE-2017-17903 | 1 Fortunescripts | 1 Lynda Clone | 2025-04-20 | N/A |
| FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | ||||