Search Results (9372 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6631 1 Vessio 1 Netbill 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action.
CVE-2013-3694 3 Apple, Blackberry, Microsoft 3 Mac Os X, Blackberry Link, Windows 2025-04-11 N/A
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
CVE-2012-6518 1 Diy-cms 1 Diy-cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
CVE-2013-5355 1 Sharetronix 1 Sharetronix 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors.
CVE-2012-6433 1 E107 1 E107 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
CVE-2012-5763 1 Ibm 1 Netezza 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2057 2 Drupal, Miura 2 Drupal, Ubercart Bulk Stock Updater 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
CVE-2012-2069 2 Drupal, Mclewin 2 Drupal, Wishlist 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.
CVE-2013-5313 1 Bigtreecms 1 Bigtree Cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
CVE-2012-5622 1 Redhat 1 Openshift 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
CVE-2014-1211 1 Vmware 1 Vcloud Director 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVE-2012-2077 2 Drupal, Rob Loach 2 Drupal, Sharethis 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
CVE-2012-5178 2 Welcart, Wordpress 2 Welcart Plugin, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase.
CVE-2012-2116 2 Commerceguys, Drupal 2 Commerce Reorder, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.
CVE-2012-2128 1 Andreas Gohr 1 Dokuwiki 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."
CVE-2012-4893 1 Gentoo 1 Webmin 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
CVE-2011-4642 1 Splunk 1 Splunk 2025-04-11 N/A
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
CVE-2011-2908 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.
CVE-2012-4326 1 Altrasoft 1 Site Uptime Enterprise 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators.