Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4227 | 1 Mozilla | 1 Persona | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.
|
|||||
| CVE-2013-3935 | 1 Opsview | 2 Opsview, Opsview Core | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
|
|||||
| CVE-2013-3568 | 1 Cisco | 2 Linksys Wrt110, Linksys Wrt110 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
|
|||||
| CVE-2013-3516 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
|
|||||
| CVE-2013-3366 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
|
|||||
| CVE-2013-3312 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
|
|||||
| CVE-2013-3093 | 1 Asus | 14 Dsl-n55u, Dsl-n55u Firmware, Rt-ac66u and 11 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
ASUS RT-N56U devices allow CSRF.
|
|||||
| CVE-2013-2109 | 1 Undolog | 1 Wp Cleanfix | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WordPress plugin wp-cleanfix has Remote Code Execution
|
|||||
| CVE-2013-2108 | 1 Undolog | 1 Cleanfix | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
|
|||||
| CVE-2013-10029 | 1 Angrybte | 1 Wordpress Exit Box Lite | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vu ...
Show More |
|||||
| CVE-2013-10027 | 1 Wordpress | 1 Blogger Importer | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The patch is identified as b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assi ...
Show More |
|||||
| CVE-2013-10025 | 1 Exit Strategy Project | 1 Exit Strategy | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulner ...
Show More |
|||||
| CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
|
|||||
| CVE-2013-0185 | 1 Redhat | 1 Manageiq Enterprise Virtualization Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
|
|||||
| CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.
|
|||||
| CVE-2012-6297 | 1 Dd-wrt | 1 Dd-wrt | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
|
|||||
| CVE-2012-4385 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
letodms 3.3.6 has CSRF via change password
|
|||||
| CVE-2012-2629 | 1 Axous | 1 Axous | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_tit ...
Show More |
|||||
| CVE-2012-2079 | 1 Drupal | 1 Activity | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
|
|||||
| CVE-2012-10017 | 1 Bestwebsoft | 1 Portfolio | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.
|
|||||
| CVE-2012-10015 | 1 Bestwebsoft | 1 Twitter | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. ...
Show More |
|||||
| CVE-2012-10012 | 1 Bestwebsoft | 1 Facebook Button | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.
|
|||||
| CVE-2012-10010 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigne ...
Show More |
|||||
| CVE-2012-0699 | 1 Haudenschilt | 1 Family Connections Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
|
|||||
| CVE-2011-5328 | 1 User Access Manager Project | 1 User Access Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The user-access-manager plugin before 1.2 for WordPress has CSRF.
|
|||||
| CVE-2011-5250 | 1 Prophecyinternational | 1 Snare | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Snare for Linux before 1.7.0 has CSRF in the web interface.
|
|||||
| CVE-2011-4952 | 1 Cobblerd | 1 Cobbler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
cobbler: Web interface lacks CSRF protection when using Django framework
|
|||||
| CVE-2011-3612 | 1 Usebb | 1 Usebb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
|
|||||
| CVE-2011-3609 | 1 Redhat | 1 Jboss Application Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.
|
|||||
| CVE-2011-3582 | 1 Anelectron | 1 Advanced Electron Forums | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.
|
|||||
| CVE-2011-2934 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
|
|||||
| CVE-2011-1085 | 1 Smoothwall | 1 Smoothwall Express | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF vulnerability in Smoothwall Express 3.
|
|||||
| CVE-2011-0525 | 1 Batavi | 1 Batavi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Batavi before 1.0 has CSRF.
|
|||||
| CVE-2010-4241 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Tiki Wiki CMS Groupware 5.2 has CSRF
|
|||||
| CVE-2010-3305 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
|
|||||
| CVE-2024-52401 | 2024-11-20 | N/A | 9.6 CRITICAL | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4.
|
|||||
| CVE-2024-52424 | 1 Sureshkumar | 1 Wp-login Customizer | 2024-11-20 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0.
|
|||||
| CVE-2024-51643 | 2024-11-19 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Rajan Agaskar Amazon Associate Filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through 0.4.
|
|||||
| CVE-2024-51638 | 2024-11-19 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8.
|
|||||
| CVE-2024-51653 | 2024-11-19 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Mario Spinaci UPDATE NOTIFICATIONS allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through 0.3.4.
|
|||||