Export limit exceeded: 10809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0813 1 Phpmyfaq 1 Phpmyfaq 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
CVE-2013-4671 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-3694 3 Apple, Blackberry, Microsoft 3 Mac Os X, Blackberry Link, Windows 2025-04-11 N/A
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
CVE-2013-7107 1 Icinga 1 Icinga 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
CVE-2012-4478 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.
CVE-2014-0736 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
CVE-2013-6429 3 Pivotal Software, Redhat, Vmware 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more 2025-04-11 N/A
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2012-4431 2 Apache, Redhat 6 Tomcat, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
CVE-2012-1633 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
CVE-2012-1636 2 Drupal, Luke Herrington 2 Drupal, Stickynote 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.
CVE-2012-5216 1 Hp 3 Procurve Switch 1700-24, Procurve Switch 1700-8, Procurve Switch Software 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-5178 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.
CVE-2012-1580 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
CVE-2012-5950 1 Ibm 1 Tririga Application Platform 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.
CVE-2013-2158 2 Drupal, Services Project 2 Drupal, Services 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-3846 1 Hp 1 System Management Homepage 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2012-4324 1 Phpjabbers 1 Vacation Rental Script 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.
CVE-2012-4325 1 Utopiasoftware 1 News Pro 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
CVE-2013-3540 1 Ovislink 6 Airlive Od-2025hd, Airlive Od-2060hd, Airlive Poe100hd and 3 more 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.