Export limit exceeded: 337610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3028 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | ||||
| CVE-2012-5005 | 1 Frankdeveloper | 1 Vr Gpub | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action. | ||||
| CVE-2012-2397 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | ||||
| CVE-2012-2380 | 1 Apache | 1 Roller | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. | ||||
| CVE-2009-4898 | 1 Twiki | 1 Twiki | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339. | ||||
| CVE-2013-3256 | 2 Shareaholic, Wordpress | 2 Sexybookmarks, Wordpress | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings." | ||||
| CVE-2012-2729 | 2 Adcillc, Drupal | 2 Simplemeta, Drupal | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. | ||||
| CVE-2009-4139 | 1 Redhat | 3 Network Satellite, Network Satellite Server, Spacewalk-java | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that (1) disable the current user account, (2) add user accounts, or (3) modify user accounts to have administrator privileges. | ||||
| CVE-2013-3269 | 1 Cybozu | 1 Cybozu Office | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305. | ||||
| CVE-2012-2341 | 2 Drupal, Rahul Singla | 2 Drupal, Take Control | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. | ||||
| CVE-2012-2316 | 1 Openkm | 1 Openkm | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | ||||
| CVE-2012-2307 | 2 Drupal, Plaatsoft | 2 Drupal, Addressbook | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | ||||
| CVE-2012-3309 | 1 Ibm | 1 Infosphere Guardium | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | ||||
| CVE-2012-3256 | 1 Hp | 1 Business Availability Center | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2010-2111 | 1 Pacifictimesheet | 1 Pacific Timesheet | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. | ||||
| CVE-2012-4002 | 1 Glpi-project | 1 Glpi | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-2275 | 1 Teamst | 1 Testlink | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php. | ||||
| CVE-2012-2155 | 2 Drupal, Kyle Browning | 2 Drupal, Cdn2 Video | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | ||||