Export limit exceeded: 341084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8868 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5361 | 1 Landesk | 1 Landesk Management Suite | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx. | ||||
| CVE-2015-1424 | 1 Jakweb | 1 Gecko Cms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. | ||||
| CVE-2013-3476 | 1 Zemanta | 1 Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors. | ||||
| CVE-2015-4397 | 1 Node Template Project | 1 Node Template | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors. | ||||
| CVE-2013-2710 | 1 Ajaydsouza | 1 Contextual Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2013-2708 | 1 Snilesh | 1 Content Slide | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | ||||
| CVE-2013-2705 | 1 Tipsandtricks-hq | 1 Wordpress Simple Paypal Shopping Cart | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings. | ||||
| CVE-2013-2699 | 1 Underconstruction Project | 1 Underconstruction | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. | ||||
| CVE-2013-2698 | 1 Kieranoshea | 1 Calendar | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors. | ||||
| CVE-2013-2700 | 1 Webmaster-source | 1 Wp125 | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors. | ||||
| CVE-2014-5204 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | ||||
| CVE-2015-5050 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2015-0541 | 1 Rsa | 1 Web Threat Detection | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-6973 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. | ||||
| CVE-2015-2134 | 1 Hp | 1 System Management Homepage | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-0651 | 1 Cisco | 1 Application Networking Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | ||||
| CVE-2015-2089 | 1 Crossslide Jquery Project | 1 Crossslide Jquery | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php. | ||||
| CVE-2015-2084 | 1 Cybernetikz | 1 Easy Social Icons | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php. | ||||
| CVE-2014-8948 | 1 Imember360 | 1 Imember360 | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | ||||
| CVE-2014-3792 | 1 Beetel | 2 450tc2 Router, 450tc2 Router Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1. | ||||