Search
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9368 | 1 Twitterdash Project | 1 Twitterdash | 2014-12-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9340 | 1 Wpcommenttwit Project | 1 Wpcommenttwit | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9341 | 1 Yurl Retwitt Project | 1 Yurl Retwitt | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php. | |||||
| CVE-2014-9338 | 1 O2tweet Project | 1 O2tweet | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php. | |||||
| CVE-2014-9339 | 1 Jayde Online | 1 Spnbabble | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9337 | 1 Mikiurl Wordpress Eklentisi Project | 1 Mikiurl Wordpress Eklentisi | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9336 | 1 Itwitter Project | 1 Itwitter | 2014-12-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9407 | 1 Revive-adserver | 1 Revive Adserver | 2014-12-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. | |||||
| CVE-2014-5437 | 1 Arris | 2 Touchstone Tg862g\/ct, Touchstone Tg862g\/ct Firmware | 2014-12-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. | |||||
| CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2014-12-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | |||||
| CVE-2014-8771 | 1 X3cms | 1 X3 Cms | 2014-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2014-9099 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2014-11-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | |||||
| CVE-2014-8948 | 1 Imember360 | 1 Imember360 | 2014-11-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. | |||||
| CVE-2014-5205 | 1 Wordpress | 1 Wordpress | 2014-11-14 | 6.8 MEDIUM | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | |||||
| CVE-2012-5500 | 1 Plone | 1 Plone | 2014-11-05 | 4.3 MEDIUM | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | |||||
| CVE-2014-8521 | 1 Mcafee | 1 Network Data Loss Prevention | 2014-10-30 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2014-10-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-7281 | 1 Tenda | 2 A32, A32 Firmware | 2014-10-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. | |||||
| CVE-2013-7407 | 1 Drupal | 1 Mrbs Module | 2014-10-23 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-4510 | 1 Debian | 1 Apt-cacher | 2014-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-0168 | 1 Jolokia | 1 Jolokia | 2014-10-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. | |||||
| CVE-2013-2645 | 1 Tp-link | 1 Firmware | 2014-10-06 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. | |||||
| CVE-2014-6299 | 1 Mm Forum Project | 1 Mm Forum | 2014-10-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | |||||
| CVE-2014-7190 | 1 Openfiler | 1 Openfiler | 2014-10-01 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | |||||
| CVE-2013-3068 | 1 Cisco | 2 Linksys Wrt310n Router Firmware, Linksys Wrt350n | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | |||||
| CVE-2013-3083 | 1 Belkin | 1 F5d8236-4 V2 | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | |||||
| CVE-2013-3086 | 1 Belkin | 2 N900, N900 Firmware | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | |||||
| CVE-2013-3089 | 1 Belkin | 2 N300, N300 Firmware | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | |||||
| CVE-2014-3907 | 1 Mailpoet | 1 Mailpoet Newsletters | 2014-08-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-5346 | 1 Disqus | 1 Disqus Comment System | 2014-08-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php. | |||||
| CVE-2014-5199 | 1 Wordpress File Upload Project | 1 Wordpress File Upload | 2014-08-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3854 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | |||||
| CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2014-08-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | |||||
| CVE-2014-2974 | 1 Silver-peak | 1 Vx | 2014-07-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2014-2369 | 1 Omron | 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more | 2014-07-24 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-4155 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2014-07-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. | |||||
| CVE-2014-4162 | 1 Zyxel | 1 P-660hw | 2014-07-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. | |||||
| CVE-2014-4614 | 1 Piwigo | 1 Piwigo | 2014-07-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method. | |||||
| CVE-2014-4718 | 1 Lunarcms | 1 Lunar Cms | 2014-07-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php. | |||||
| CVE-2014-4717 | 1 Davidsneal | 1 Simple Share Buttons Adder | 2014-07-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts. | |||||
| CVE-2014-4716 | 1 Thomson | 1 Twg87ouir | 2014-07-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity. | |||||
| CVE-2014-3881 | 1 Intercom | 1 Web Kyukincho | 2014-06-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-3843 | 2 Wordpress, Zemanta | 2 Wordpress, Search Everything | 2014-06-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-3845 | 2 Tinymce, Wordpress | 2 Color Picker, Wordpress | 2014-06-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-4030 | 1 Longtailvideo | 1 Jw Player For Flash \& Html5 Video Plugin | 2014-06-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php. | |||||
| CVE-2014-3882 | 1 12net | 1 Login Rebuilder | 2014-06-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-2946 | 1 Huawei | 3 E303 Modem, E303 Modem Firmware, Webui | 2014-06-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | |||||
| CVE-2013-5355 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors. | |||||
| CVE-2014-4163 | 1 Featured Comments Plugin Project | 1 Featured Comments | 2014-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php. | |||||
| CVE-2014-3850 | 1 Member Approval Plugin Project | 1 Member Approval | 2014-06-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. | |||||