Export limit exceeded: 14775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1211 1 Vmware 1 Vcloud Director 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVE-2014-0835 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.
CVE-2013-7107 1 Icinga 1 Icinga 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.
CVE-2013-6976 1 Cisco 1 Epc3925 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
CVE-2013-2704 2 Metin Saylan, Wordpress 2 Dropdown Menu Widget, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
CVE-2013-2703 2 Crunchify, Wordpress 2 Facebook Members, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
CVE-2013-2702 2 Thulasidas, Wordpress 2 Easy-adsense-lite, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
CVE-2013-2701 1 Linksalpha 1 Social Sharing Toolkit Plugin 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors.
CVE-2013-5355 1 Sharetronix 1 Sharetronix 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors.
CVE-2013-2696 2 Crunchify, Wordpress 2 All-in-on-webmaster, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2013-6883 1 Cru-inc 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
CVE-2013-6852 1 Hp 1 2620-24-poe\+ Switch 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
CVE-2013-6826 1 Fortinet 7 Fortianalyzer-1000d, Fortianalyzer-2000b, Fortianalyzer-200d and 4 more 2025-04-11 N/A
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
CVE-2013-4881 1 Bigtreecms 1 Bigtree Cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
CVE-2013-4871 2 Markus Blaschke, Typo3 2 Tq Seo, Typo3 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-5891 1 Dalbum 1 Dalbum 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
CVE-2011-0535 1 Zikula 1 Zikula Application Framework 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
CVE-2012-3384 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-4671 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-1308 1 Dlink 2 Dsl-2640b, Dsl-2640b Firmware 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.