Total
7746 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2522 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. | |||||
| CVE-2011-1397 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2011-0277 | 1 Hp | 1 Power Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | |||||
| CVE-2013-3605 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies. | |||||
| CVE-2010-1547 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value. | |||||
| CVE-2010-4519 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. | |||||
| CVE-2010-4106 | 1 Hp | 1 Insight Control For Linux | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-4877 | 1 Flatnux | 1 Flatnux | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts. | |||||
| CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-6134 | 1 Omniauth-oauth2 Project | 1 Omniauth-oauth2 | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state. | |||||
| CVE-2013-3424 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. | |||||
| CVE-2011-0447 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 6.8 MEDIUM | N/A |
| Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | |||||
| CVE-2012-1058 | 1 Flyspray | 1 Flyspray | 2025-04-11 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php. | |||||
| CVE-2012-0308 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2012-2728 | 2 Drupal, Ronan Dowling | 2 Drupal, Node Hierarchy | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. | |||||
| CVE-2013-0489 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | |||||
| CVE-2010-2111 | 1 Pacifictimesheet | 1 Pacific Timesheet | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action. | |||||
| CVE-2012-2057 | 2 Drupal, Miura | 2 Drupal, Ubercart Bulk Stock Updater | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. | |||||
| CVE-2011-0886 | 1 Smc Networks | 2 Smcd3g-ccr, Smcd3g-ccr Firmware | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic. | |||||
| CVE-2011-3636 | 1 Redhat | 1 Freeipa | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. | |||||