Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-352
Total 4240 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5937 2 Click2sell, Drupal 2 Click2sell Suite Module, Drupal 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API.
CVE-2012-4059 1 Socketmail 1 Socketmail 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
CVE-2012-4084 1 Cisco 1 Unified Computing System 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
CVE-2012-4252 1 Mysqldumper 1 Mysqldumper 2017-08-28 5.1 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
CVE-2012-4324 1 Phpjabbers 1 Vacation Rental Script 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.
CVE-2012-4326 1 Altrasoft 1 Site Uptime Enterprise 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators.
CVE-2012-4325 1 Utopiasoftware 1 News Pro 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
CVE-2012-4386 1 Apache 1 Struts 2017-08-28 6.8 MEDIUM N/A
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
CVE-2012-4773 1 Intelliants 1 Subrion Cms 2017-08-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
CVE-2012-4877 1 Flatnux 1 Flatnux 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
CVE-2012-4853 1 Ibm 1 Websphere Application Server 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.
CVE-2012-4935 1 Patterninsight 1 Pattern Insight 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2012-4943 1 Agilefleet 2 Fleetcommander, Fleetcommander Kiosk 2017-08-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requests that modify (1) passwords, (2) accounts, or (3) permissions.
CVE-2012-5004 1 Parallels 1 H-sphere 2017-08-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
CVE-2012-5005 1 Frankdeveloper 1 Vr Gpub 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
CVE-2012-5319 1 Dlink 3 Dcs-2000, Dcs-5300, Dcs-900 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
CVE-2012-5320 1 Sagem 2 F\@st 2604, F\@st 2604 Firmware 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
CVE-2012-5323 1 Xavi 1 X7968 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.
CVE-2012-5326 1 Idevspot 1 Isupport 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
CVE-2012-5387 2 Videousermanuals, Wordpress 2 White-label-cms, Wordpress 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.