Search Results (9403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5996 1 Mediabridge 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2016-2082 1 Vmware 1 Vrealize Log Insight 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-3946 1 Advantech 1 Webaccess 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-7537 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
CVE-2016-2285 1 Moxa 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-8773 1 Modx 1 Modx Revolution 2025-04-12 N/A
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.
CVE-2014-9019 1 Zte 1 Zxdsl 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVE-2016-4820 1 Iodata 2 Etx-r, Etx-r Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-7270 1 Asus 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-6304 1 Cisco 1 Telepresence Server Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
CVE-2016-6454 1 Cisco 1 Hosted Collaboration Mediation Fulfillment 2025-04-12 N/A
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).
CVE-2014-9431 1 Smoothwall 1 Smoothwall 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.
CVE-2015-5990 1 Zyxel 1 Gs1900-10hp Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-6214 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2016-7123 1 Gnu 1 Mailman 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
CVE-2016-1172 1 Hiniarata 1 Casebook Plugin 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.
CVE-2014-3040 1 Ibm 3 Emptoris Contract Management, Emptoris Sourcing Portfolio, Emptoris Spend Analysis 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2016-1158 1 Corega 4 Cg-wlbargmh, Cg-wlbargmh Firmware, Cg-wlbargnl and 1 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.
CVE-2016-1134 1 Buffalotech 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-4562 1 Madeofcode 1 Omniauth-facebook 2025-04-12 N/A
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.