Export limit exceeded: 10302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9454 | 1 Simple Sticky Footer Project | 1 Simple Sticky Footer | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | ||||
| CVE-2014-9431 | 1 Smoothwall | 1 Smoothwall | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | ||||
| CVE-2015-7364 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | N/A |
| The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token. | ||||
| CVE-2014-3455 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors. | ||||
| CVE-2014-9413 | 1 Ip Ban Project | 1 Ip Ban | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php. | ||||
| CVE-2015-6965 | 1 Creative-solutions | 1 Contact Form Generator | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. | ||||
| CVE-2015-1432 | 1 Phpbb | 1 Phpbb | 2025-04-12 | N/A |
| The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. | ||||
| CVE-2014-9414 | 1 Boldgrid | 1 W3 Total Cache | 2025-04-12 | N/A |
| The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php. | ||||
| CVE-2014-0745 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | ||||
| CVE-2015-6973 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. | ||||
| CVE-2014-3015 | 1 Ibm | 1 Sametime Proxy Server And Web Client | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2015-7612 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | ||||
| CVE-2015-6966 | 1 Nibbleblog | 1 Nibbleblog | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. | ||||
| CVE-2016-0948 | 1 Adobe | 1 Connect | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-3024 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users. | ||||
| CVE-2015-6944 | 1 Jsp\/mysql Administrador Web Project | 1 Jsp\/mysql Administrador Web | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. | ||||
| CVE-2016-6427 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. | ||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | ||||
| CVE-2014-10006 | 1 Maianscriptworld | 1 Maian Uploader | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | ||||
| CVE-2014-8331 | 1 Huawei | 2 E3236 Firmware, E3276 Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | ||||