| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. |
| Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. |
| Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. |
| The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. |
| Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php. |
| Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728. |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732. |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734. |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736. |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. |
| Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors. |