Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3882 | 1 12net | 1 Login Rebuilder | 2014-06-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-2946 | 1 Huawei | 3 E303 Modem, E303 Modem Firmware, Webui | 2014-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | |||||
| CVE-2013-5355 | 1 Sharetronix | 1 Sharetronix | 2014-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors. | |||||
| CVE-2014-4163 | 1 Featured Comments Plugin Project | 1 Featured Comments | 2014-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php. | |||||
| CVE-2014-3850 | 1 Member Approval Plugin Project | 1 Member Approval | 2014-06-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. | |||||
| CVE-2014-3836 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors. | |||||
| CVE-2013-2107 | 1 Mail On Update Project | 1 Mail On Update | 2014-05-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix. | |||||
| CVE-2013-2713 | 1 Krisonav | 1 Krisonav | 2014-05-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request. | |||||
| CVE-2014-3866 | 1 Usercake | 1 Usercake | 2014-05-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter. | |||||
| CVE-2014-3792 | 1 Beetel | 2 450tc2 Router, 450tc2 Router Firmware | 2014-05-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1. | |||||
| CVE-2014-3760 | 1 D-link | 2 Dap 1150, Dap 1150 Firmware | 2014-05-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com. | |||||
| CVE-2014-2989 | 1 Open Assessment Technologies | 1 Tao | 2014-05-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add. | |||||
| CVE-2013-7376 | 1 Openx | 1 Openx | 2014-05-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514. | |||||
| CVE-2013-2700 | 1 Webmaster-source | 1 Wp125 | 2014-05-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors. | |||||
| CVE-2013-2692 | 1 Openvpn | 1 Openvpn Access Server | 2014-05-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users. | |||||
| CVE-2013-4562 | 1 Madeofcode | 1 Omniauth-facebook | 2014-05-14 | 6.8 MEDIUM | N/A |
| The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. | |||||
| CVE-2013-2705 | 1 Tipsandtricks-hq | 1 Wordpress Simple Paypal Shopping Cart | 2014-05-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings. | |||||
| CVE-2014-3455 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors. | |||||
| CVE-2014-3454 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors. | |||||
| CVE-2013-5748 | 1 Simplerisk | 1 Simplerisk | 2014-05-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action. | |||||