Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2012-09-30 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | |||||
CVE-2012-4051 | 1 Jamf | 1 Casper Suite | 2012-09-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action. | |||||
CVE-2012-3028 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2012-09-18 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | |||||
CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2012-09-17 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-4893 | 1 Gentoo | 1 Webmin | 2012-09-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. | |||||
CVE-2012-4391 | 1 Owncloud | 1 Owncloud | 2012-09-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | |||||
CVE-2012-2316 | 1 Openkm | 1 Openkm | 2012-09-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | |||||
CVE-2012-4753 | 1 Owncloud | 1 Owncloud | 2012-09-06 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2011-4452 | 1 Wikkawiki | 1 Wikkawiki | 2012-09-06 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action. | |||||
CVE-2012-2116 | 2 Commerceguys, Drupal | 2 Commerce Reorder, Drupal | 2012-09-03 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. | |||||
CVE-2012-4746 | 1 Zte | 1 Zxdsl | 2012-09-02 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | |||||
CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 6.8 MEDIUM | N/A |
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." | |||||
CVE-2012-2564 | 1 Bloxx | 1 Web Filtering | 2012-08-18 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions. | |||||
CVE-2012-4280 | 1 Rwcinc | 1 Free Realty | 2012-08-14 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent. | |||||
CVE-2012-2602 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2012-08-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. | |||||
CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2012-08-08 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | |||||
CVE-2012-3384 | 1 Wordpress | 1 Wordpress | 2012-08-08 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-2307 | 2 Drupal, Plaatsoft | 2 Drupal, Addressbook | 2012-07-29 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2012-3362 | 1 Extplorer | 1 Extplorer | 2012-07-26 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action. | |||||
CVE-2012-2447 | 1 Netsweeper | 1 Netsweeper | 2012-07-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | |||||