Search Results (10340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4921 1 Dvs Custom Notification Project 1 Dvs Custom Notification 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.
CVE-2012-5500 2 Plone, Redhat 2 Plone, Rhel Cluster 2025-04-12 N/A
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
CVE-2012-5683 1 Zpanelcp 1 Zpanel 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
CVE-2012-5695 1 Bulbsecurity 1 Smartphone Pentest Framework 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.
CVE-2012-5701 1 Dotproject 1 Dotproject 2025-04-12 N/A
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2012-6691 1 Oscmax 1 Oscmax 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.
CVE-2013-2107 1 Mail On Update Project 1 Mail On Update 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
CVE-2013-3068 1 Cisco 2 Linksys Wrt310n Router Firmware, Linksys Wrt350n 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
CVE-2013-3083 1 Belkin 1 F5d8236-4 V2 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.
CVE-2013-3086 1 Belkin 2 N900, N900 Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports.
CVE-2013-3089 1 Belkin 2 N300, N300 Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.
CVE-2013-5443 1 Ibm 1 Cognos Express 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-7346 1 Getsymphony 1 Symphony 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
CVE-2013-7376 1 Openx 1 Openx 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
CVE-2013-7407 1 Drupal 1 Mrbs Module 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-0641 1 Emc 1 Rsa Archer Egrc 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-0740 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
CVE-2014-0745 1 Cisco 1 Unified Contact Center Express Editor Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
CVE-2014-2115 1 Cisco 1 Emergency Responder 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
CVE-2014-2152 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868.