Total: 8009 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2024-11-21 | N/A |
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | ||||
CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-11-21 | N/A |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | ||||
CVE-2013-7053 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 8.8 High |
D-Link DIR-100 4.03B07: cli.cgi CSRF | ||||
CVE-2013-6811 | 1 D-link | 2 Dsl6740u, Dsl6740u Firmware | 2024-11-21 | 8.8 High |
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. | ||||
CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 5.3 Medium |
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | ||||
CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High |
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||||
CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.5 Medium |
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | ||||
CVE-2013-4865 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 6.5 Medium |
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. | ||||
CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-11-21 | 8.8 High |
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | ||||
CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.5 Medium |
PrestaShop before 1.4.11 allows logout CSRF. | ||||
CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 6.5 Medium |
SPBAS Business Automation Software 2012 has CSRF. | ||||
CVE-2013-4227 | 1 Mozilla | 1 Persona | 2024-11-21 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type. | ||||
CVE-2013-3935 | 1 Opsview | 2 Opsview, Opsview Core | 2024-11-21 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | ||||
CVE-2013-3568 | 1 Cisco | 2 Linksys Wrt110, Linksys Wrt110 Firmware | 2024-11-21 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | ||||
CVE-2013-3516 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 6.5 Medium |
NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. | ||||
CVE-2013-3366 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-11-21 | 8.8 High |
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
CVE-2013-3312 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 8.8 High |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi. | ||||
CVE-2013-3093 | 1 Asus | 14 Dsl-n55u, Dsl-n55u Firmware, Rt-ac66u and 11 more | 2024-11-21 | 8.8 High |
ASUS RT-N56U devices allow CSRF. | ||||
CVE-2013-2109 | 1 Undolog | 1 Wp Cleanfix | 2024-11-21 | 8.8 High |
WordPress plugin wp-cleanfix has Remote Code Execution | ||||
CVE-2013-2108 | 1 Undolog | 1 Cleanfix | 2024-11-21 | 5.4 Medium |
WordPress WP Cleanfix Plugin 2.4.4 has CSRF |