Search Results (10341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8804 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8379 1 Cakephp 1 Cakephp 2025-04-12 N/A
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
CVE-2015-8152 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
CVE-2015-8131 1 Elastic 1 Kibana 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-3382 1 Insite 1 Node Basket 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors.
CVE-2015-3374 1 Corner Project 1 Corner 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors.
CVE-2013-2754 1 Umi-cms 1 Umi.cms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
CVE-2014-3792 1 Beetel 2 450tc2 Router, 450tc2 Router Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.
CVE-2013-1399 2 Puppet, Puppetlabs 2 Puppet Enterprise, Puppet 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-4963 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
CVE-2014-0473 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2025-04-12 N/A
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
CVE-2014-2327 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
CVE-2015-2613 2 Oracle, Redhat 4 Jdk, Jre, Rhel Extras and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2015-0807 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-04-12 N/A
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
CVE-2011-5302 1 Kubelabs 1 Phpdug 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
CVE-2011-5284 1 Smoothwall 1 Smoothwall 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.
CVE-2011-5298 1 Viralheat 1 Argyle Social 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create.
CVE-2011-5300 1 Pommo 1 Pommo-ardvark 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters.
CVE-2011-5306 1 Zaunz Gmbh 1 Cosmoshop 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action.
CVE-2011-5311 1 Cherry-design 1 Wikipad 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter.