Export limit exceeded: 10354 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10354 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6187 1 Ibm 1 Websphere Service Registry And Repository 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-2178 1 Cisco 7 Rv120w, Rv120w Firmware, Rv180 and 4 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
CVE-2015-0218 1 Moodle 1 Moodle 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVE-2013-4240 1 Hitmyserver 1 Hms Testimonials 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.
CVE-2015-2676 1 Asus 2 Rt-g32, Rt-g32 Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2014-3882 1 12net 1 Login Rebuilder 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-3267 1 Cisco 1 Security Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
CVE-2014-3305 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.
CVE-2012-1203 1 Syndeocms 1 Syndeocms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.
CVE-2014-1990 1 Toshibatec 4 E-studio-232, E-studio-233, E-studio-282 and 1 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
CVE-2014-5204 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2015-2350 1 Mikrotik 1 Routeros 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
CVE-2014-2518 1 Emc 9 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 6 more 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
CVE-2014-7996 1 Cisco 1 Unified Computing System 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.
CVE-2014-3866 1 Usercake 1 Usercake 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
CVE-2014-10014 1 Phpjabbers 1 Event Booking Calendar 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.
CVE-2014-10008 1 Iwcn 1 Stark Crm 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.
CVE-2014-10006 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.
CVE-2014-2974 1 Silver-peak 1 Vx 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2014-2989 1 Open Assessment Technologies 1 Tao 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.