Security Vulnerabilities, CVEs, Published In January 2012 (CSRF) CVSS score >= 3
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
Max CVSS
6.8
EPSS Score
0.11%
Published
2012-01-24
Updated
2012-01-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
Max CVSS
6.8
EPSS Score
0.20%
Published
2012-01-29
Updated
2012-02-02
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
Max CVSS
6.8
EPSS Score
0.23%
Published
2012-01-29
Updated
2017-08-29
CVE-2011-4642
Public exploit
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
Max CVSS
4.6
EPSS Score
1.65%
Published
2012-01-03
Updated
2012-11-06
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
Max CVSS
6.8
EPSS Score
0.29%
Published
2012-01-02
Updated
2012-02-02
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.
Max CVSS
6.8
EPSS Score
0.29%
Published
2012-01-02
Updated
2012-02-02
6 vulnerabilities found