Search Results (9409 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7107 1 Icinga 1 Icinga 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.
CVE-2012-4773 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
CVE-2013-2709 2 Crunchify, Wordpress 2 Foursquare-checkins, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2012-0453 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
CVE-2012-2128 1 Andreas Gohr 1 Dokuwiki 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."
CVE-2012-3309 1 Ibm 1 Infosphere Guardium 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2012-4326 1 Altrasoft 1 Site Uptime Enterprise 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators.
CVE-2011-2773 1 Mahara 1 Mahara 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
CVE-2012-0990 1 Dclassifieds 1 Dclassifieds 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
CVE-2013-0532 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.
CVE-2009-4906 1 Accscripts 1 Acc Php Email 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
CVE-2011-1026 1 Apache 1 Archiva 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2012-4324 1 Phpjabbers 1 Vacation Rental Script 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.
CVE-2010-2231 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
CVE-2014-0831 1 Ibm 1 Financial Transaction Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.
CVE-2009-4905 1 Accscripts 1 Acc Statistics 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.
CVE-2011-3668 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.
CVE-2012-2155 2 Drupal, Kyle Browning 2 Drupal, Cdn2 Video 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2061 2 Drupal, Nijskens Raf 2 Drupal, Admintools 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."
CVE-2010-3989 1 Hp 1 Insight Control Virtual Machine Management 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.