Export limit exceeded: 10344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10344 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6973 1 Igniterealtime 1 Openfire 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.
CVE-2015-6944 1 Jsp\/mysql Administrador Web Project 1 Jsp\/mysql Administrador Web 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.
CVE-2016-4066 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.
CVE-2015-0145 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2015-0115 1 Ibm 1 Leads 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts.
CVE-2015-6468 1 Resource Data Management Data Manager 1 Data Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-6376 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
CVE-2015-8805 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
CVE-2015-8804 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-6378 1 Cisco 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
CVE-2015-7278 1 Ampedwireless 2 R10000, R10000 Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-7281 1 Readynet Solutions 2 Wrt300n-dd, Wrt300n-dd Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-8803 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-6728 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
CVE-2014-8925 1 Ibm 1 Rational Clearquest 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.
CVE-2015-2701 1 Cs-cart 1 Cs-cart 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
CVE-2016-3007 1 Ibm 1 Connections 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2016-3009 1 Ibm 1 Connections 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
CVE-2013-6942 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2016-6444 1 Cisco 1 Meeting Server 2025-04-12 N/A
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.