Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1109 | 1 Cisco | 1 Webex Training Center | 2013-02-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. | |||||
| CVE-2012-5992 | 1 Cisco | 9 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller and 6 more | 2013-01-30 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283. | |||||
| CVE-2012-6508 | 1 Netartmedia | 1 Car Portal | 2013-01-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php. | |||||
| CVE-2012-1922 | 1 Sitecom | 1 Wlm-2501 | 2013-01-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921. | |||||
| CVE-2012-5178 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2013-01-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | |||||
| CVE-2012-1921 | 1 Sitecom | 1 Wlm-2501 | 2013-01-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. | |||||
| CVE-2012-5891 | 1 Dalbum | 1 Dalbum | 2013-01-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action. | |||||
| CVE-2012-6433 | 1 E107 | 1 E107 | 2013-01-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action. | |||||
| CVE-2012-6434 | 1 E107 | 1 E107 | 2013-01-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter. | |||||
| CVE-2012-4608 | 1 Emc | 1 Rsa Netwitness Informer | 2012-12-05 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-5549 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2012-12-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2012-12-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | |||||
| CVE-2012-4478 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2012-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2010-5285 | 1 O-dyn | 1 Collabtive | 2012-11-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. | |||||
| CVE-2012-6047 | 1 X7 Group | 1 X7 Chat | 2012-11-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | |||||
| CVE-2012-1237 | 1 Icz | 1 Sencha Sns | 2012-11-20 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-5898 | 1 Samedia | 1 Landshop | 2012-11-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | |||||
| CVE-2011-4642 | 1 Splunk | 1 Splunk | 2012-11-06 | 4.6 MEDIUM | N/A |
| mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172. | |||||
| CVE-2012-4486 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2012-11-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | |||||
| CVE-2012-2069 | 2 Drupal, Mclewin | 2 Drupal, Wishlist | 2012-10-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | |||||