Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9003 | 1 Lantronix | 1 Xprintserver | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | |||||
| CVE-2014-9027 | 1 Zteusa | 1 Zxdsl 831cii | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. | |||||
| CVE-2014-9334 | 1 Bird Feeder Project | 1 Bird Feeder | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php. | |||||
| CVE-2014-9335 | 1 Dandyid Services Project | 1 Dandyid Services | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9344 | 1 Globiz Solutions | 1 Snowfox Content Management System | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. | |||||
| CVE-2014-9393 | 1 Post To Twitter Project | 1 Post To Twitter | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. | |||||
| CVE-2014-9394 | 1 Pwgrandom Project | 1 Pwgrandom | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | |||||
| CVE-2014-9396 | 1 Simpleflickr Project | 1 Simpleflickr | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9397 | 1 Twimp-wp Project | 1 Twimp-wp | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9400 | 1 Wp Unique Article Header Image Project | 1 Wp Unique Article Header Image | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9401 | 1 Wp Limit Posts Automatically Project | 1 Wp Limit Posts Automatically | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9413 | 1 Ip Ban Project | 1 Ip Ban | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php. | |||||
| CVE-2014-9460 | 1 Justin Klein | 1 Wp-vipergb | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. | |||||
| CVE-2014-9431 | 1 Smoothwall | 1 Smoothwall | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | |||||
| CVE-2014-9437 | 1 Sliding Social Icons Project | 1 Sliding Social Icons | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. | |||||
| CVE-2014-9438 | 1 Vbulletin | 1 Vbulletin | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. | |||||
| CVE-2014-9441 | 1 Lightbox Photo Gallery Project | 1 Lightbox Photo Gallery | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9454 | 1 Simple Sticky Footer Project | 1 Simple Sticky Footer | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | |||||
| CVE-2014-9525 | 1 Timed Popup Project | 1 Timed Popup | 2017-09-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. | |||||
| CVE-2015-0596 | 1 Cisco | 1 Webex Meetings Server | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | |||||