Search Results (10348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3414 1 Sharetronix 1 Sharetronix 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.
CVE-2015-6827 1 Auto-exchanger 1 Auto-exchanger 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.
CVE-2015-0145 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2016-3653 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
CVE-2014-9104 1 Openvpn 1 Openvpn Access Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.
CVE-2015-6493 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-5100 1 Omeka 1 Omeka 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
CVE-2015-0920 1 Banner Effect Header Project 1 Banner Effect Header 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
CVE-2015-0759 1 Cisco 1 Headend Digital Broadband Delivery System 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-6408 1 Cisco 1 Unity Connection 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
CVE-2013-2693 1 Wp-plugins 1 Wp-print 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.
CVE-2015-6405 1 Cisco 1 Emergency Responder 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
CVE-2014-5241 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.
CVE-2015-4108 1 Wftpserver 1 Wing Ftp Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.
CVE-2016-1151 1 Cybozu 1 Office 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
CVE-2014-8429 1 Xavoc 1 Xepan Cms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
CVE-2014-8473 1 Ca 1 Cloud Service Management 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-9392 1 Pictobrowser Project 1 Pictobrowser 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php.
CVE-2014-9395 1 Simplelife Project 1 Simplelife 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php.
CVE-2014-9396 1 Simpleflickr Project 1 Simpleflickr 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php.