Search Results (9416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2190 1 Cisco 1 Broadband Access Center Telco Wireless Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.
CVE-2016-4506 1 Resourcedm 1 Intuitive 650 Tdb Controller 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2014-2249 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2016-4494 1 Kmc Controls 2 Bac-5051e, Bac-5051e Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.
CVE-2016-6427 1 Cisco 2 Unified Contact Center Express, Unified Intelligence Center 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
CVE-2016-6417 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
CVE-2016-4066 1 Fortinet 1 Fortiweb 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.
CVE-2013-4726 1 Ddsn 1 Cm3 Acora Content Management System 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5665 1 Lockon 1 Ec-cube 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
CVE-2015-0651 1 Cisco 1 Application Networking Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.
CVE-2015-6262 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
CVE-2014-2974 1 Silver-peak 1 Vx 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2016-2889 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2016-2878 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2015-6728 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
CVE-2015-2755 1 Ab Google Map Travel Project 1 Ab Google Map Travel 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.
CVE-2016-4069 2 Opensuse, Roundcube 2 Leap, Webmail 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
CVE-2015-7281 1 Readynet Solutions 2 Wrt300n-dd, Wrt300n-dd Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2805 1 Alcatel-lucent 10 Omniswitch 10k, Omniswitch 6250, Omniswitch 6400 and 7 more 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
CVE-2015-7284 1 Zyxel 2 Nbg-418n, Nbg-418n Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.