Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10001 | 1 Phpjabbers | 1 Appointment Scheduler | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | |||||
| CVE-2014-9344 | 1 Globiz Solutions | 1 Snowfox Content Management System | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. | |||||
| CVE-2014-10008 | 1 Iwcn | 1 Stark Crm | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page. | |||||
| CVE-2014-8953 | 1 Phpscriptlerim | 1 Php Scriptlerim Who\'s Who | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | |||||
| CVE-2011-5284 | 1 Smoothwall | 1 Smoothwall | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | |||||
| CVE-2014-9454 | 1 Simple Sticky Footer Project | 1 Simple Sticky Footer | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | |||||
| CVE-2014-9003 | 1 Lantronix | 1 Xprintserver | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | |||||
| CVE-2014-8073 | 1 Openmrs | 1 Openmrs | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form. | |||||
| CVE-2014-9335 | 1 Dandyid Services Project | 1 Dandyid Services | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. | |||||
| CVE-2015-1432 | 1 Phpbb | 1 Phpbb | 2017-09-08 | 6.8 MEDIUM | N/A |
| The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. | |||||
| CVE-2014-9437 | 1 Sliding Social Icons Project | 1 Sliding Social Icons | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. | |||||
| CVE-2014-8654 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. | |||||
| CVE-2014-7874 | 1 Hp | 2 Hp-ux, System Management Homepage | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-9460 | 1 Justin Klein | 1 Wp-vipergb | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. | |||||
| CVE-2014-5333 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2017-09-08 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. | |||||
| CVE-2015-1568 | 1 Studio.gd | 1 Gd Infinite Scroll | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors. | |||||
| CVE-2014-9525 | 1 Timed Popup Project | 1 Timed Popup | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. | |||||
| CVE-2014-7996 | 1 Cisco | 1 Unified Computing System | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | |||||
| CVE-2015-1559 | 1 Epignosis | 1 Efront | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_language parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request. | |||||
| CVE-2014-9396 | 1 Simpleflickr Project | 1 Simpleflickr | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | |||||