Export limit exceeded: 10347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10347 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5205 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | ||||
| CVE-2014-5204 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-12 | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | ||||
| CVE-2015-0741 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | ||||
| CVE-2015-0920 | 1 Banner Effect Header Project | 1 Banner Effect Header | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. | ||||
| CVE-2014-6168 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-6198 | 1 Ibm | 1 Security Network Protection Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-6299 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | ||||
| CVE-2014-8144 | 1 Doorkeeper Project | 1 Doorkeeper | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors. | ||||
| CVE-2014-8246 | 1 Broadcom | 1 Release Automation | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-8429 | 1 Xavoc | 1 Xepan Cms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. | ||||
| CVE-2014-8473 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-8953 | 1 Phpscriptlerim | 1 Php Scriptlerim Who\'s Who | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | ||||
| CVE-2014-9027 | 1 Zteusa | 1 Zxdsl 831cii | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. | ||||
| CVE-2014-9033 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. | ||||
| CVE-2014-9099 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | ||||
| CVE-2015-0227 | 2 Apache, Redhat | 6 Wss4j, Jboss Amq, Jboss Data Grid and 3 more | 2025-04-12 | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." | ||||
| CVE-2015-0895 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | ||||
| CVE-2015-0905 | 1 Bblog Project | 1 Bblog | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-0970 | 1 Searchblox | 1 Searchblox | 2025-04-12 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-1580 | 1 Redirection Project | 1 Redirection | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. | ||||