CVE-2017-9064 CVSS:6.8
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. (Last Update:2017-05-23) (Publish Update:2017-05-18)
CVE-2017-9033 CVSS:0.0
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. (Last Update:2017-05-25) (Publish Update:2017-05-25)
CVE-2017-8930 CVSS:6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. (Last Update:2017-05-25) (Publish Update:2017-05-14)
CVE-2017-8928 CVSS:6.8
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. (Last Update:2017-05-23) (Publish Update:2017-05-14)
CVE-2017-8875 CVSS:4.3
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. (Last Update:2017-05-18) (Publish Update:2017-05-10)
CVE-2017-8874 CVSS:6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. (Last Update:2017-05-17) (Publish Update:2017-05-10)
CVE-2017-8868 CVSS:5.0
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. (Last Update:2017-05-17) (Publish Update:2017-05-10)
CVE-2017-8848 CVSS:4.3
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. (Last Update:2017-05-16) (Publish Update:2017-05-08)
CVE-2017-8382 CVSS:3.5
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. (Last Update:2017-05-23) (Publish Update:2017-05-16)
CVE-2017-8101 CVSS:6.8
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. (Last Update:2017-04-27) (Publish Update:2017-04-24)
This vulnerability list widget is provided by www.cvedetails.com