Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1581 | 1 Mobile Domain Project | 1 Mobile Domain | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php.
|
|||||
| CVE-2016-1000213 | 1 Ruckus | 1 Wireless H500 | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Ruckus Wireless H500 web management interface CSRF
|
|||||
| CVE-2015-0895 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
|
|||||
| CVE-2015-5397 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
|
|||||
| CVE-2015-6655 | 1 Pligg | 1 Pligg Cms | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
|
|||||
| CVE-2014-10008 | 1 Iwcn | 1 Stark Crm | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.
|
|||||
| CVE-2015-0716 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
|
|||||
| CVE-2015-5188 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
|
|||||
| CVE-2015-4256 | 1 Cisco | 1 Telepresence Ip Vcr 3.0 | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.
|
|||||
| CVE-2015-1580 | 1 Redirection Project | 1 Redirection | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.
|
|||||
| CVE-2016-6801 | 2 Apache, Debian | 2 Jackrabbit, Debian Linux | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
|
|||||
| CVE-2016-3007 | 1 Ibm | 1 Connections | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
|
|||||
| CVE-2014-3836 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
|
|||||
| CVE-2015-2048 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2016-0863 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users.
|
|||||
| CVE-2013-3257 | 1 Zemanta | 1 Related Posts | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.
|
|||||
| CVE-2016-1448 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
|
|||||
| CVE-2014-9393 | 1 Post To Twitter Project | 1 Post To Twitter | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php.
|
|||||
| CVE-2012-6342 | 1 Atlassian | 1 Confluence Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.
|
|||||
| CVE-2012-4902 | 1 Template Cms Project | 1 Template Cms | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
|
|||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
|
|||||
| CVE-2015-7678 | 1 Ipswitch | 1 Moveit Mobile | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2015-3366 | 1 Alfresco | 1 Alfresco | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
|
|||||
| CVE-2015-5318 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
|
|||||
| CVE-2014-0885 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2015-2295 | 1 Netgate | 1 Pfsense | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
|
|||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
|
|||||
| CVE-2013-0300 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webd ...
Show More |
|||||
| CVE-2014-2641 | 1 Hp | 1 System Management Homepage | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2014-0126 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
|
|||||
| CVE-2015-6944 | 1 Jsp\/mysql Administrador Web Project | 1 Jsp\/mysql Administrador Web | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.
|
|||||
| CVE-2014-7874 | 1 Hp | 2 Hp-ux, System Management Homepage | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2014-2659 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
|||||
| CVE-2015-5351 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
|
|||||
| CVE-2014-0961 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
|
|||||
| CVE-2015-6408 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
|
|||||
| CVE-2015-2083 | 1 Ilch | 1 Cms | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php.
|
|||||
| CVE-2014-4333 | 1 Boonex | 1 Dolphin | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
|
|||||
| CVE-2014-7190 | 1 Openfiler | 1 Openfiler | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
|
|||||
| CVE-2015-7364 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
|
|||||