Ruckus Wireless H500 web management interface CSRF
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2016-10-25
Updated
2017-07-07
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.17%
Published
2016-12-11
Updated
2017-07-01
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-11-23
Updated
2019-12-12
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
Source: Yandex N.V.
Max CVSS
4.3
EPSS Score
0.06%
Published
2016-10-26
Updated
2016-12-02
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.
Source: Adobe Systems Incorporated
Max CVSS
8.8
EPSS Score
0.24%
Published
2016-12-15
Updated
2016-12-22
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
Source: MITRE
Max CVSS
8.0
EPSS Score
0.13%
Published
2016-12-17
Updated
2016-12-21
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.16%
Published
2016-09-02
Updated
2017-07-29
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
Source: Red Hat, Inc.
Max CVSS
8.8
EPSS Score
0.13%
Published
2016-09-07
Updated
2018-02-15
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.23%
Published
2016-09-02
Updated
2017-08-13
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-09-21
Updated
2016-10-04
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.
Source: Dell
Max CVSS
6.1
EPSS Score
0.08%
Published
2016-09-18
Updated
2016-11-28
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
Source: Dell
Max CVSS
9.6
EPSS Score
0.09%
Published
2016-09-30
Updated
2021-08-06
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.13%
Published
2016-08-07
Updated
2017-11-04
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
Source: Cisco Systems, Inc.
Max CVSS
8.8
EPSS Score
0.18%
Published
2016-12-14
Updated
2017-01-05
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).
Source: Cisco Systems, Inc.
Max CVSS
6.5
EPSS Score
0.08%
Published
2016-11-03
Updated
2016-11-28
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.
Source: Cisco Systems, Inc.
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-10-27
Updated
2016-11-28
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).
Source: Cisco Systems, Inc.
Max CVSS
8.8
EPSS Score
0.16%
Published
2016-10-27
Updated
2017-07-29
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
Source: Cisco Systems, Inc.
Max CVSS
8.8
EPSS Score
0.16%
Published
2016-10-06
Updated
2017-07-30
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
Source: Cisco Systems, Inc.
Max CVSS
8.8
EPSS Score
0.16%
Published
2016-10-05
Updated
2017-07-30

CVE-2016-6277

Known exploited
Public exploit
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Source: MITRE
Max CVSS
9.3
EPSS Score
97.46%
Published
2016-12-14
Updated
2017-08-16
CISA KEV Added
2022-03-07
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.
Source: MITRE
Max CVSS
7.1
EPSS Score
0.06%
Published
2016-09-21
Updated
2016-09-22
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.48%
Published
2016-07-03
Updated
2018-10-30
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.
Source: CERT/CC
Max CVSS
8.8
EPSS Score
0.10%
Published
2016-08-03
Updated
2016-08-16
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
Source: JPCERT/CC
Max CVSS
8.8
EPSS Score
0.32%
Published
2016-09-24
Updated
2017-02-19
88 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!