Search Results (9405 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1325 1 Lockon 1 Ec-cube 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4325 1 Utopiasoftware 1 News Pro 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
CVE-2009-4907 1 Dootzky 1 Oblog 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.
CVE-2013-2628 1 Idleman 1 Leed 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
CVE-2010-3694 1 Horde 1 Horde Application Framework 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
CVE-2013-5316 1 Ritecms 1 Ritecms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
CVE-2013-0214 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
CVE-2012-1636 2 Drupal, Luke Herrington 2 Drupal, Stickynote 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors.
CVE-2010-2594 7 Ibm, Intersect Alliance, Linux and 4 more 14 Aix, Snare Agent, Snare Epilog and 11 more 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
CVE-2013-5726 1 Tapbots 1 Tweetbot 2025-04-11 N/A
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
CVE-2013-3992 1 Ibm 1 Infosphere Biginsights 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-3963 1 Grandstream 11 Gxv3500, Gxv3501, Gxv3504 and 8 more 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
CVE-2011-1104 1 Mutare 1 Evm 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address.
CVE-2012-4732 1 Bestpractical 1 Rt 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
CVE-2013-0207 2 Drupal, Leighton Whiting 2 Drupal, Mark Complete 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-0829 1 Mibew 1 Mibew Messenger 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.
CVE-2010-5088 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.
CVE-2013-3253 2 Wordpress, Xhanch 2 Wordpress, My Twitter 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
CVE-2012-2605 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
CVE-2010-0289 1 Dokuwiki 1 Dokuwiki 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.