Export limit exceeded: 341139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8868 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||
| CVE-2012-2069 | 2 Drupal, Mclewin | 2 Drupal, Wishlist | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | ||||
| CVE-2010-2113 | 1 Uniformserver | 1 Uniformserver | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php. | ||||
| CVE-2012-0314 | 1 Emobile | 2 Pocket Wifi, Pocket Wifi Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | ||||
| CVE-2009-4981 | 1 Keil-software | 1 Photokorn Gallery | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2013-3424 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. | ||||
| CVE-2013-5730 | 1 Dlink | 2 Dsl-2740b, Dsl-2740b Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd. | ||||
| CVE-2012-1057 | 2 Drupal, Sean Robertson | 2 Drupal, Forward | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control." | ||||
| CVE-2011-5011 | 1 Xt-commerce | 1 Xt-commerce | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php. | ||||
| CVE-2011-3994 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | ||||
| CVE-2013-0329 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-11 | N/A |
| Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. | ||||
| CVE-2013-6202 | 1 Hp | 1 Service Manager | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code. | ||||
| CVE-2012-3231 | 1 Webatall | 1 Web\@all | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. | ||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2025-04-11 | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2012-0235 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-2077 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API." | ||||
| CVE-2012-5320 | 1 Sagem | 2 F\@st 2604, F\@st 2604 Firmware | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | ||||
| CVE-2013-0460 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | ||||
| CVE-2013-0452 | 1 Ibm | 2 Software Use Analysis, Tivoli Endpoint Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages. | ||||
| CVE-2013-0580 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users. | ||||