Total: 8760 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-10081 | 1 Submitbymailplugin Project | 1 Submitbymailplugin | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495. |
| CVE-2015-10001 | 1 Wp-stats Project | 1 Wp-stats | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | The WP-Stats WordPress plugin before 2.52 does not have a CSRF check when saving its settings, and does not escape some of them when outputting them, allowing an attacker to make logged-in high-privilege users change them and set Cross-Site Scripting payloads. |
| CVE-2015-0151 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| CVE-2014-9502 | 1 Open Atrium Project | 1 Open Atrium | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. |
| CVE-2014-9382 | 1 Free | 1 Freebox Os | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation. |
| CVE-2014-8942 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Lexiglot through 2014-11-20 allows CSRF. |
| CVE-2014-7198 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. |
| CVE-2014-6046 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. |
| CVE-2014-5516 | 1 Konakart | 1 Konakart | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. |
| CVE-2014-5288 | 1 Kemptechnologies | 1 Load Master | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A CSRF vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. |
| CVE-2014-5280 | 1 Boot2docker | 1 Boot2docker | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. |
| CVE-2014-5072 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2014-5034 | 1 Fresh-media | 1 Brute Force Login Protection | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. |
| CVE-2014-4613 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. |
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | JBoss KeyCloak is vulnerable to soft token deletion via CSRF. |
| CVE-2014-3590 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. |
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. |
| CVE-2014-2675 | 1 Wp-html-sitemap Project | 1 Wp-html-sitemap | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. |
| CVE-2014-2550 | 1 Disable Comments | 1 Disable Comments Project | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. |
| CVE-2014-2274 | 1 Subscribe To Comments Reloaded Project | 1 Subscribe To Comments Reloaded | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. |
| CVE-2014-2225 | 1 Ui | 3 Airvision Controller, Mfi Controller, Unifi Controller | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users b ... |
| CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. |
| CVE-2014-125028 | 1 Valtech | 1 Idp Test Clients | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. |
| CVE-2014-10382 | 1 Pippinsplugins | 1 Featured Comments | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
| CVE-2014-10381 | 1 User Domain Whitelist Project | 1 User Domain Whitelist | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| CVE-2014-0594 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. |
| CVE-2014-0197 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CFME: CSRF protection vulnerability via permissive check of the referrer header. |
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | katello-headpin is vulnerable to CSRF in the REST API. |
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. |
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. |
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |
| CVE-2013-7053 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | D-Link DIR-100 4.03B07: cli.cgi CSRF. |
| CVE-2013-6811 | 1 D-link | 2 Dsl6740u, Dsl6740u Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM | Horde Groupware Webmail 5.1.2 has CSRF with requests to change permissions. |
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Horde Groupware Webmail Edition has CSRF and XSS when saving a search as a virtual address book. |
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. |
| CVE-2013-4865 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. |
| CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | PrestaShop before 1.4.11 allows logout CSRF. |
| CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | SPBAS Business Automation Software 2012 has CSRF. |