Export limit exceeded: 363090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10301 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3366 1 Alfresco 1 Alfresco 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
CVE-2015-3367 1 Patterns 1 Patterns 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors.
CVE-2015-3370 1 Node Invite Project 1 Node Invite 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors.
CVE-2012-1978 1 Simple Php Agenda Project 1 Simple Php Agenda 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
CVE-2015-5660 1 Extplorer 1 Extplorer 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
CVE-2015-3950 1 Xzeres 2 442sr, 442sr Os 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.
CVE-2015-3986 1 Thecartpress 1 Thecartpress Ecommerce Shopping Cart 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
CVE-2015-5731 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
CVE-2015-4254 1 Cisco 1 Telepresence Advanced Media Gateway 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
CVE-2015-4383 1 Decisions Project 1 Decisions 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.
CVE-2015-4391 1 Civicrm 1 Civicrm Private Report 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors.
CVE-2015-4397 1 Node Template Project 1 Node Template 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.
CVE-2015-5999 1 Dlink 2 Dir-816l, Dir-816l Firmware 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
CVE-2014-5204 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2015-5075 1 X2engine 1 X2crm 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
CVE-2015-2248 1 Sonicwall 1 Remote Access Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.
CVE-2015-2293 1 Yoast 1 Wordpress Seo 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.
CVE-2016-6635 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.
CVE-2015-2721 6 Canonical, Debian, Mozilla and 3 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
CVE-2015-2912 1 Orientdb 1 Orientdb 2025-04-12 N/A
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.