Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6629 | 1 Xyzscripts | 1 Newsletter Manager | 2014-01-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-4671 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-6883 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2014-01-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors. | |||||
| CVE-2013-6192 | 1 Hp | 1 Operations Orchestration | 2014-01-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-7223 | 1 Fatfreecrm | 1 Fat Free Crm | 2014-01-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb. | |||||
| CVE-2013-7209 | 1 Jforum | 1 Jforum | 2013-12-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. | |||||
| CVE-2013-7233 | 1 Wordpress | 1 Wordpress | 2013-12-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | |||||
| CVE-2013-5039 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 5.4 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. | |||||
| CVE-2013-2628 | 1 Idleman | 1 Leed | 2013-12-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token. | |||||
| CVE-2012-5394 | 1 Mediawiki | 1 Mediawiki | 2013-12-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. | |||||
| CVE-2013-6852 | 1 Hp | 1 2620-24-poe\+ Switch | 2013-11-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. | |||||
| CVE-2013-2701 | 1 Linksalpha | 1 Social Sharing Toolkit Plugin | 2013-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors. | |||||
| CVE-2013-6018 | 1 Tylertech | 1 Taxweb | 2013-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password. | |||||
| CVE-2013-5993 | 1 Lockon | 1 Ec-cube | 2013-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals. | |||||
| CVE-2013-3095 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2013-11-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi. | |||||
| CVE-2013-6826 | 1 Fortinet | 7 Fortianalyzer-1000d, Fortianalyzer-2000b, Fortianalyzer-200d and 4 more | 2013-11-20 | 6.8 MEDIUM | N/A |
| cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. | |||||
| CVE-2013-6797 | 1 Sunil Nanda | 1 Blue Wrench Video Widget | 2013-11-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file. | |||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2013-11-19 | 6.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | |||||
| CVE-2013-5726 | 1 Tapbots | 1 Tweetbot | 2013-11-13 | 6.8 MEDIUM | N/A |
| Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL. | |||||
| CVE-2013-6346 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||