Export limit exceeded: 365268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0314 1 Emobile 2 Pocket Wifi, Pocket Wifi Firmware 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
CVE-2010-3288 1 Hp 1 Systems Insight Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2447 1 Netsweeper 1 Netsweeper 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
CVE-2012-6518 1 Diy-cms 1 Diy-cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
CVE-2010-2294 1 Pxsystem 1 Plume-cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
CVE-2012-6629 1 Xyzscripts 1 Newsletter Manager 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-6631 1 Vessio 1 Netbill 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action.
CVE-2010-3271 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
CVE-2010-2594 7 Ibm, Intersect Alliance, Linux and 4 more 14 Aix, Snare Agent, Snare Epilog and 11 more 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
CVE-2013-0320 2 Drupal, Mattias Hutterer 2 Drupal, Taxonomy Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
CVE-2013-3479 2 Sharethis, Wordpress 2 Sharethis, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
CVE-2012-2564 1 Bloxx 1 Web Filtering 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions.
CVE-2013-3472 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
CVE-2012-4478 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.
CVE-2013-2628 1 Idleman 1 Leed 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
CVE-2013-0329 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.
CVE-2011-2753 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
CVE-2013-0327 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.
CVE-2012-2716 2 David Stosik, Drupal 2 Comment Moderation, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.