Search Results (10349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9027 1 Zteusa 1 Zxdsl 831cii 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.
CVE-2014-9003 1 Lantronix 1 Xprintserver 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
CVE-2014-8953 1 Phpscriptlerim 1 Php Scriptlerim Who\'s Who 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
CVE-2014-8654 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
CVE-2014-8429 1 Xavoc 1 Xepan Cms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
CVE-2014-8144 1 Doorkeeper Project 1 Doorkeeper 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.
CVE-2014-8073 1 Openmrs 1 Openmrs 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
CVE-2014-8031 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.
CVE-2014-7996 1 Cisco 1 Unified Computing System 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.
CVE-2014-7838 1 Moodle 1 Moodle 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.
CVE-2014-7836 1 Moodle 1 Moodle 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
CVE-2016-0948 1 Adobe 1 Connect 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-7809 1 Apache 1 Struts 2025-04-12 N/A
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.
CVE-2014-7158 1 Exinda 1 Wan Optimization Suite 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch.
CVE-2014-2659 1 Papercut 2 Papercut Mf, Papercut Ng 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2014-0864 1 Ibm 1 Algo Credit Limits 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.
CVE-2014-3414 1 Sharetronix 1 Sharetronix 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.
CVE-2015-5534 1 Oxwall 1 Oxwall 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
CVE-2015-0741 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.
CVE-2015-0736 1 Cisco 1 Mediasense 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.