Total
9161 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | ||||
| CVE-2012-2316 | 1 Openkm | 1 Openkm | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | ||||
| CVE-2012-1414 | 1 Plume-cms | 1 Plume Cms | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action. | ||||
| CVE-2012-1297 | 1 Contao | 1 Contao Cms | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module. | ||||
| CVE-2011-1911 | 1 Jasperforge | 1 Jasperreports Server Community Project | 2025-04-11 | N/A |
| JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach. | ||||
| CVE-2010-3449 | 2 Apache, Jesse Mcconnell | 2 Archiva, Redback | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | ||||
| CVE-2011-1364 | 1 Google | 1 App Engine Python Sdk | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter. | ||||
| CVE-2012-1057 | 2 Drupal, Sean Robertson | 2 Drupal, Forward | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control." | ||||
| CVE-2011-5196 | 1 Public Knowledge Project | 1 Open Journal Systems | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. | ||||
| CVE-2012-0990 | 1 Dclassifieds | 1 Dclassifieds | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters. | ||||
| CVE-2014-0621 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | ||||
| CVE-2014-0010 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | ||||
| CVE-2013-6976 | 1 Cisco | 1 Epc3925 | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. | ||||
| CVE-2010-1968 | 2 Hp, Microsoft | 2 Insight Software Installer, Windows | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971. | ||||
| CVE-2010-1971 | 2 Hp, Microsoft | 2 Insight Software Installer, Windows | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968. | ||||
| CVE-2013-7043 | 1 Cisco | 4 Scientific Atlanta Dpr2325, Scientific Atlanta Dpr2325 Firmware, Scientific Atlanta Dpr\/epr2320 and 1 more | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic. | ||||
| CVE-2010-3024 | 1 Hulihanapplications | 1 Diamondlist | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | ||||
| CVE-2009-4907 | 1 Dootzky | 1 Oblog | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog. | ||||
| CVE-2014-1694 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets. | ||||
| CVE-2012-5622 | 1 Redhat | 1 Openshift | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | ||||