Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4746 | 1 Zte | 1 Zxdsl | 2012-09-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | |||||
| CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 6.8 MEDIUM | N/A |
| The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." | |||||
| CVE-2012-2564 | 1 Bloxx | 1 Web Filtering | 2012-08-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions. | |||||
| CVE-2012-4280 | 1 Rwcinc | 1 Free Realty | 2012-08-14 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent. | |||||
| CVE-2012-2602 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2012-08-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. | |||||
| CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2012-08-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | |||||
| CVE-2012-3384 | 1 Wordpress | 1 Wordpress | 2012-08-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-2307 | 2 Drupal, Plaatsoft | 2 Drupal, Addressbook | 2012-07-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-3362 | 1 Extplorer | 1 Extplorer | 2012-07-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action. | |||||
| CVE-2012-2447 | 1 Netsweeper | 1 Netsweeper | 2012-07-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | |||||
| CVE-2012-0303 | 1 Symantec | 1 Message Filter | 2012-07-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | |||||
| CVE-2012-3231 | 1 Webatall | 1 Web\@all | 2012-06-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. | |||||
| CVE-2012-2605 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2012-06-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients. | |||||
| CVE-2012-2959 | 1 Bmc | 1 Identity Management Suite | 2012-06-12 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | |||||
| CVE-2012-3343 | 1 Bloxx | 1 Web Filtering | 2012-06-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564. | |||||
| CVE-2012-1236 | 1 Janetter | 1 Janetter | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. | |||||
| CVE-2011-3293 | 1 Cisco | 1 Secure Access Control Server | 2012-06-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | |||||
| CVE-2011-3846 | 1 Hp | 1 System Management Homepage | 2012-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2012-1083 | 1 Typo3 | 2 Terminal, Typo3 | 2012-02-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-0997 | 1 11in1 | 1 11in1 | 2012-02-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | |||||