ReportizFlow
Filtered by vendor
Subscriptions
Total
8349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1167 | 1 Aterm | 2 Wg300hp, Wg300hp Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-2579 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands. | ||||
| CVE-2016-1470 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | ||||
| CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | ||||
| CVE-2014-6253 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. | ||||
| CVE-2014-3881 | 1 Intercom | 1 Web Kyukincho | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2016-1174 | 1 Hiniarata | 1 Casebook Plugin | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | ||||
| CVE-2016-4066 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors. | ||||
| CVE-2013-7334 | 1 Imagecms | 1 Imagecms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290. | ||||
| CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-3251 | 1 Qianqin | 1 Qtranslate | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | ||||
| CVE-2016-2901 | 1 Ibm | 2 Web Content Manager, Websphere Portal | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-3845 | 2 Tinymce, Wordpress | 2 Color Picker, Wordpress | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-2940 | 1 Mediawiki | 1 Checkuser | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | ||||
| CVE-2016-6427 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. | ||||
| CVE-2015-2701 | 1 Cs-cart | 1 Cs-cart | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. | ||||
| CVE-2014-9399 | 1 Tweetscribe Project | 1 Tweetscribe | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. | ||||
| CVE-2013-3477 | 1 Zemanta | 1 Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors. | ||||
| CVE-2011-5315 | 1 Whcms Project | 1 Whcms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. | ||||
| CVE-2015-5007 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||