Search Results (9425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7043 1 Cisco 4 Scientific Atlanta Dpr2325, Scientific Atlanta Dpr2325 Firmware, Scientific Atlanta Dpr\/epr2320 and 1 more 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
CVE-2013-5672 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
CVE-2013-5696 1 Glpi-project 1 Glpi 2025-04-11 N/A
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVE-2013-5708 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605.
CVE-2011-1954 1 Postrev 1 Post Revolution 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.
CVE-2011-3381 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-1843 2 Dell, Quantum 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
CVE-2013-2696 2 Crunchify, Wordpress 2 All-in-on-webmaster, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2013-2704 2 Metin Saylan, Wordpress 2 Dropdown Menu Widget, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
CVE-2013-2709 2 Crunchify, Wordpress 2 Foursquare-checkins, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2013-4405 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.
CVE-2012-4732 1 Bestpractical 1 Rt 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
CVE-2012-4853 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.
CVE-2012-4943 1 Agilefleet 2 Fleetcommander, Fleetcommander Kiosk 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions.
CVE-2012-5005 1 Frankdeveloper 1 Vr Gpub 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
CVE-2012-5004 1 Parallels 1 H-sphere 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
CVE-2013-4689 1 Juniper 1 Junos 2025-04-11 N/A
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
CVE-2013-0532 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.
CVE-2013-0598 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-0717 1 Nec 6 Atermwm3450rn, Atermwm3600r, Atermwr8160n and 3 more 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.