Search Results (9434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6253 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.
CVE-2014-6299 1 Mm Forum Project 1 Mm Forum 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.
CVE-2015-7278 1 Ampedwireless 2 R10000, R10000 Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-6409 1 Mmonit 1 M\/monit 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
CVE-2014-6439 1 Elasticsearch 1 Elasticsearch 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7158 1 Exinda 1 Wan Optimization Suite 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch.
CVE-2015-7281 1 Readynet Solutions 2 Wrt300n-dd, Wrt300n-dd Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7284 1 Zyxel 2 Nbg-418n, Nbg-418n Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7291 1 Arris 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-7190 1 Openfiler 1 Openfiler 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
CVE-2016-6468 1 Cisco 1 Emergency Responder 2025-04-12 N/A
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
CVE-2014-3836 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
CVE-2014-4030 1 Longtailvideo 1 Jw Player For Flash \& Html5 Video Plugin 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
CVE-2014-3920 1 Kanboard 1 Kanboard 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
CVE-2014-3866 1 Usercake 1 Usercake 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
CVE-2014-2390 1 Mcafee 1 Network Security Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
CVE-2014-2559 1 Twitget Project 1 Twitget 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.
CVE-2014-2659 1 Papercut 2 Papercut Mf, Papercut Ng 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2013-4963 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
CVE-2013-3729 1 Kasseler-cms 1 Kasseler-cms 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.