Export limit exceeded: 10354 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10354 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4140 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code. | ||||
| CVE-2011-4173 | 1 Simplemachines | 1 Smf | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5195 | 1 Public Knowledge Project | 1 Open Conference Systems | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file. | ||||
| CVE-2011-5196 | 1 Public Knowledge Project | 1 Open Journal Systems | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. | ||||
| CVE-2011-5197 | 1 Public Knowledge Project | 1 Open Harvester Systems | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. | ||||
| CVE-2011-5226 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | ||||
| CVE-2012-0990 | 1 Dclassifieds | 1 Dclassifieds | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters. | ||||
| CVE-2012-0997 | 1 11in1 | 1 11in1 | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | ||||
| CVE-2012-1922 | 1 Sitecom | 1 Wlm-2501 | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921. | ||||
| CVE-2012-0317 | 1 Sixapart | 1 Movable Type | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. | ||||
| CVE-2010-2234 | 1 Apache | 1 Couchdb | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. | ||||
| CVE-2013-0126 | 1 Verizon | 2 Fios Actiontec Mi424wr-gen31 Router, Fios Actiontec Mi424wr-gen31 Router Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | ||||
| CVE-2013-0144 | 1 Qnap | 1 Viostor Network Video Recorder | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | ||||
| CVE-2012-6629 | 1 Xyzscripts | 1 Newsletter Manager | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2012-5763 | 1 Ibm | 1 Netezza | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-1088 | 1 Novell | 1 Imanager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. | ||||
| CVE-2013-1639 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | ||||
| CVE-2013-1692 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. | ||||
| CVE-2013-1733 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. | ||||
| CVE-2013-1734 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. | ||||