ReportizFlow
Filtered by vendor
Subscriptions
Total
9328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0921 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | ||||
| CVE-2010-3878 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. | ||||
| CVE-2010-2345 | 1 Odcms | 1 Odcms | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests. | ||||
| CVE-2010-2111 | 1 Pacifictimesheet | 1 Pacific Timesheet | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. | ||||
| CVE-2010-1611 | 1 Alegrocart | 1 Alegrocart | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action. | ||||
| CVE-2010-1610 | 1 Opencart | 1 Opencart | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-0545 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter. | ||||
| CVE-2012-1308 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | ||||
| CVE-2010-3449 | 2 Apache, Jesse Mcconnell | 2 Archiva, Redback | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | ||||
| CVE-2012-0826 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. | ||||
| CVE-2010-1037 | 1 Hp | 1 Systems Insight Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2007-6752 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off. | ||||
| CVE-2013-4405 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. | ||||
| CVE-2011-3381 | 1 Phorum | 1 Phorum | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-4732 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | ||||
| CVE-2011-5131 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. | ||||
| CVE-2012-4486 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | ||||
| CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | ||||
| CVE-2012-4393 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. | ||||
| CVE-2013-3491 | 2 Mdolon, Wordpress | 2 Sharebar, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | ||||