Export limit exceeded: 10347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5205 1 Wordpress 1 Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2014-5204 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2015-0741 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.
CVE-2015-0920 1 Banner Effect Header Project 1 Banner Effect Header 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
CVE-2014-6168 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-6198 1 Ibm 1 Security Network Protection Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-6299 1 Mm Forum Project 1 Mm Forum 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.
CVE-2014-8144 1 Doorkeeper Project 1 Doorkeeper 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.
CVE-2014-8246 1 Broadcom 1 Release Automation 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-8429 1 Xavoc 1 Xepan Cms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
CVE-2014-8473 1 Ca 1 Cloud Service Management 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-8953 1 Phpscriptlerim 1 Php Scriptlerim Who\'s Who 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
CVE-2014-9027 1 Zteusa 1 Zxdsl 831cii 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.
CVE-2014-9033 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.
CVE-2014-9099 1 Whydowork Adsense Project 1 Whydowork Adsense 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php.
CVE-2015-0227 2 Apache, Redhat 6 Wss4j, Jboss Amq, Jboss Data Grid and 3 more 2025-04-12 N/A
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
CVE-2015-0895 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
CVE-2015-0905 1 Bblog Project 1 Bblog 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0970 1 Searchblox 1 Searchblox 2025-04-12 8.8 High
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-1580 1 Redirection Project 1 Redirection 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.