Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9587 | 1 Roundcube | 1 Webmail | 2015-01-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. | |||||
| CVE-2014-9459 | 1 E107 | 1 E107 | 2015-01-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. | |||||
| CVE-2014-10006 | 1 Maianscriptworld | 1 Maian Uploader | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | |||||
| CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2015-01-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | |||||
| CVE-2014-9524 | 1 Facebook Like Box Project | 1 Facebook Like Box | 2015-01-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. | |||||
| CVE-2014-9523 | 1 Smartcat | 1 Our Team Showcase | 2015-01-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. | |||||
| CVE-2014-9276 | 1 Mediawiki | 1 Mediawiki | 2015-01-06 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. | |||||
| CVE-2010-5320 | 1 Memht | 1 Memht Portal | 2015-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. | |||||
| CVE-2010-5319 | 1 Kan-studio | 1 Kandidat Cms | 2015-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. | |||||
| CVE-2010-5315 | 1 Chialab \& Channelweb | 1 Bedita | 2015-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. | |||||
| CVE-2014-9391 | 1 Gslideshow Project | 1 Gslideshow | 2015-01-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9392 | 1 Pictobrowser Project | 1 Pictobrowser | 2015-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9395 | 1 Simplelife Project | 1 Simplelife | 2015-01-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9398 | 1 Twitter Liveblog Project | 1 Twitter Liveblog | 2015-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9399 | 1 Tweetscribe Project | 1 Tweetscribe | 2015-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. | |||||
| CVE-2011-5300 | 1 Pommo | 1 Pommo-ardvark | 2015-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. | |||||
| CVE-2011-5302 | 1 Kubelabs | 1 Phpdug | 2015-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | |||||
| CVE-2011-5298 | 1 Viralheat | 1 Argyle Social | 2015-01-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. | |||||
| CVE-2011-5306 | 1 Zaunz Gmbh | 1 Cosmoshop | 2015-01-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. | |||||
| CVE-2011-5311 | 1 Cherry-design | 1 Wikipad | 2015-01-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. | |||||