Export limit exceeded: 366630 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9431 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9019 1 Zte 1 Zxdsl 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVE-2011-5306 1 Zaunz Gmbh 1 Cosmoshop 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action.
CVE-2011-5311 1 Cherry-design 1 Wikipad 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter.
CVE-2014-5395 1 Huawei 4 E3236 Firmware, E3276 Firmware, E5180s-22 Firmware and 1 more 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.
CVE-2014-4030 1 Longtailvideo 1 Jw Player For Flash \& Html5 Video Plugin 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
CVE-2011-5315 1 Whcms Project 1 Whcms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.
CVE-2011-5316 1 Cambio Project 1 Cambio 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.
CVE-2011-5318 1 Diafan 1 Diafan.cms 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
CVE-2014-10027 1 Dlink 2 Dap-1360, Dap-1360 Firmware 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.
CVE-2014-10025 1 Dlink 2 Dap-1360, Dap-1360 Firmware 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.
CVE-2014-10019 1 Teracom 1 T2-b-gawv1.4u10y-bi 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request.
CVE-2014-10008 1 Iwcn 1 Stark Crm 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.
CVE-2016-0891 1 Emc 1 Vipr Srm 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
CVE-2015-6373 1 Cisco 1 Firepower Extensible Operating System 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.
CVE-2014-10006 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.
CVE-2016-4469 1 Apache 1 Archiva 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.
CVE-2012-1978 1 Simple Php Agenda Project 1 Simple Php Agenda 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
CVE-2016-4494 1 Kmc Controls 2 Bac-5051e, Bac-5051e Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.
CVE-2015-6376 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
CVE-2015-6378 1 Cisco 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.