CWE-352 CVEs and Security Vulnerabilities

Filtered by CWE-352

Search

Switch to Advanced Search (Beta)

Total 9376 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-2605	1 Bradfordnetworks	2 Network Sentry Appliance, Network Sentry Appliance Software	2025-04-11	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
CVE-2012-3362	1 Extplorer	1 Extplorer	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.
CVE-2012-4059	1 Socketmail	1 Socketmail	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
CVE-2012-4391	1 Owncloud	2 Owncloud, Owncloud Server	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
CVE-2012-4753	1 Owncloud	2 Owncloud, Owncloud Server	2025-04-11	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-5323	1 Xavi	1 X7968	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.
CVE-2012-5898	1 Samedia	1 Landshop	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
CVE-2012-6518	1 Diy-cms	1 Diy-cms	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
CVE-2013-0144	1 Qnap	1 Viostor Network Video Recorder	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action.
CVE-2013-0460	1 Ibm	1 Websphere Application Server	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
CVE-2012-0748	1 Ibm	1 Rational Team Concert	2025-04-11	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.
CVE-2013-2696	2 Crunchify, Wordpress	2 All-in-on-webmaster, Wordpress	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2013-2701	1 Linksalpha	1 Social Sharing Toolkit Plugin	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors.
CVE-2013-3450	1 Cisco	1 Unified Communications Manager	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
CVE-2013-3451	1 Cisco	1 Unified Communications Manager	2025-04-11	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
CVE-2013-3605	1 Trivantis	1 Coursemill Learning Management System	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies.
CVE-2014-0621	1 Technicolor	2 Tc7200, Tc7200 Firmware	2025-04-11	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
CVE-2013-4871	2 Markus Blaschke, Typo3	2 Tq Seo, Typo3	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-5313	1 Bigtreecms	1 Bigtree Cms	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
CVE-2013-5316	1 Ritecms	1 Ritecms	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.

« first previous Page 281 of 469. next last »