Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0895 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2015-03-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | |||||
| CVE-2015-2048 | 1 D-link | 2 Dcs-931l, Dcs-931l Firmware | 2015-02-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-9101 | 2 Oxwall, Skalfa | 2 Oxwall, Skadate Lite | 2015-02-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames. | |||||
| CVE-2014-9300 | 1 Alfresco | 1 Alfresco | 2015-02-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. | |||||
| CVE-2015-1581 | 1 Mobile Domain Project | 1 Mobile Domain | 2015-02-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php. | |||||
| CVE-2015-1580 | 1 Redirection Project | 1 Redirection | 2015-02-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. | |||||
| CVE-2014-7270 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2015-02-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-9041 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 6.8 MEDIUM | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | |||||
| CVE-2015-1374 | 1 Ferretcms Project | 1 Ferretcms | 2015-01-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. | |||||
| CVE-2014-9587 | 1 Roundcube | 1 Webmail | 2015-01-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. | |||||
| CVE-2014-9459 | 1 E107 | 1 E107 | 2015-01-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. | |||||
| CVE-2014-10025 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. | |||||
| CVE-2014-10006 | 1 Maianscriptworld | 1 Maian Uploader | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | |||||
| CVE-2014-10027 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | |||||
| CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2015-01-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | |||||
| CVE-2014-9524 | 1 Facebook Like Box Project | 1 Facebook Like Box | 2015-01-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. | |||||
| CVE-2014-9523 | 1 Smartcat | 1 Our Team Showcase | 2015-01-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. | |||||
| CVE-2014-9276 | 1 Mediawiki | 1 Mediawiki | 2015-01-06 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. | |||||
| CVE-2010-5320 | 1 Memht | 1 Memht Portal | 2015-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. | |||||
| CVE-2010-5319 | 1 Kan-studio | 1 Kandidat Cms | 2015-01-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. | |||||