Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1236 | 1 Janetter | 1 Janetter | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. | |||||
| CVE-2011-3293 | 1 Cisco | 1 Secure Access Control Server | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | |||||
| CVE-2011-3846 | 1 Hp | 1 System Management Homepage | 2012-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2012-1083 | 1 Typo3 | 2 Terminal, Typo3 | 2012-02-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-0997 | 1 11in1 | 1 11in1 | 2012-02-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | |||||
| CVE-2012-1227 | 1 Pluck-cms | 1 Pluck | 2012-02-24 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. | |||||
| CVE-2012-1216 | 1 Pbboard | 1 Pbboard | 2012-02-24 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action. | |||||
| CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2012-02-23 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | |||||
| CVE-2010-5084 | 1 E107 | 1 E107 | 2012-02-15 | 6.0 MEDIUM | N/A |
| The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php. | |||||
| CVE-2012-0314 | 1 Emobile | 2 Pocket Wifi, Pocket Wifi Firmware | 2012-02-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. | |||||
| CVE-2011-5074 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php. | |||||
| CVE-2011-3669 | 1 Mozilla | 1 Bugzilla | 2012-02-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments. | |||||
| CVE-2011-3668 | 1 Mozilla | 1 Bugzilla | 2012-02-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports. | |||||
| CVE-2012-0286 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. | |||||
| CVE-2009-0708 | 1 Semanticscuttle | 1 Semanticscuttle | 2012-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. | |||||
| CVE-2011-4837 | 1 Homeseer | 1 Homeseer Hs2 | 2011-12-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs. | |||||
| CVE-2011-2191 | 1 Cherokee-project | 1 Cherokee | 2011-11-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. | |||||
| CVE-2011-4498 | 1 Zenprise | 1 Zenprise Device Manager | 2011-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices. | |||||
| CVE-2011-3994 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | |||||
| CVE-2011-2773 | 1 Mahara | 1 Mahara | 2011-11-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. | |||||