Export limit exceeded: 365340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6631 1 Vessio 1 Netbill 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action.
CVE-2013-5993 1 Lockon 1 Ec-cube 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
CVE-2010-5080 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
CVE-2012-1633 2 Drupal, Erikwebb 2 Drupal, Password Policy 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
CVE-2012-6629 1 Xyzscripts 1 Newsletter Manager 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-1631 2 Databasepublish, Drupal 2 Admin\, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
CVE-2012-1514 1 Vmware 1 Vshield Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-3250 1 Wordpress 1 Wp Maintenance Mode Plugin 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
CVE-2011-0650 1 Greenbone 1 Greenbone Security Assistant 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
CVE-2011-3669 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
CVE-2013-1639 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
CVE-2010-1150 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.
CVE-2011-5197 1 Public Knowledge Project 1 Open Harvester Systems 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
CVE-2011-4298 1 Moodle 1 Moodle 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.
CVE-2013-6192 1 Hp 1 Operations Orchestration 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-3293 1 Cisco 1 Secure Access Control Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
CVE-2012-5320 1 Sagem 2 F\@st 2604, F\@st 2604 Firmware 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
CVE-2011-0760 2 Adminofsystem, Wordpress 2 Wp Related Posts, Wordpress 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the (1) wp_relatedposts_title, (2) wp_relatedposts_num, or (3) wp_relatedposts_type parameter.
CVE-2013-6202 1 Hp 1 Service Manager 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.
CVE-2014-0831 1 Ibm 1 Financial Transaction Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.