Lucene search
+L

325 matches found

CVE
CVE
added 2015/06/02 2:0 p.m.43 views

CVE-2015-0759

Cisco Headend Digital Broadband Delivery System is affected by a CSRF vulnerability (CVE-2015-0759) where an unauthenticated attacker could cause actions in a user’s browser by tricking them into visiting a malicious link. Root cause: insufficient input validation on web requests. Impact: remote ...

6.8CVSS7.4AI score0.00912EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2015/05/13 12:0 a.m.60 views

WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WSO2 Identity Server other WSO2 Carbon based products may be affected too...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/11 12:0 a.m.34 views

Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)

Exploit Title: CSRF add arbitrary users Google Dork: Date: 2015-04-28 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.wftpserver.com/serverhistory.htm Software Link: http://www.wftpserver.com/ Version: 4.4.5 Tested on: windows 7 Category: webapps...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/05/07 12:0 a.m.2 views

Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability

Cisco Unity Connection is the United States Cisco Cisco company's set of voice mail platform. A cross-site request forgery vulnerability exists in the Cisco Unity Connection CUCReports page, which could be exploited by an attacker to hijack the authentication of arbitrary users...

6.8CVSS7.1AI score0.00824EPSS
Exploits0References1
NVD
NVD
added 2015/04/21 6:59 p.m.22 views

CVE-2015-3382

Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...

5.8CVSS7.3AI score0.00649EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/04/21 6:0 p.m.25 views

CVE-2015-3382

Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...

7.3AI score0.00649EPSS
Exploits0References3
NVD
NVD
added 2015/04/21 4:59 p.m.17 views

CVE-2015-3366

Cross-site request forgery CSRF vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors...

5.8CVSS7.2AI score0.00656EPSS
Exploits0References4
Prion
Prion
added 2015/04/21 4:59 p.m.10 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...

6.8CVSS7.9AI score0.00656EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2015/04/21 4:59 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...

6.8CVSS7.7AI score0.00656EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/04/21 4:0 p.m.20 views

CVE-2015-3350

Cross-site request forgery CSRF vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...

7.2AI score0.00656EPSS
Exploits0References5
Cvelist
Cvelist
added 2015/04/21 4:0 p.m.20 views

CVE-2015-3356

Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...

7.4AI score0.00656EPSS
Exploits0References4
Prion
Prion
added 2015/03/18 10:59 a.m.21 views

Design/Logic Flaw

IBM Rational Jazz Team Server JTS, as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x...

4CVSS6.5AI score0.01332EPSS
Exploits0References1Affected Software5
Prion
Prion
added 2015/02/12 1:59 a.m.22 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the INSERT page in Cisco Prime Infrastructure PI allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868...

6.8CVSS7.7AI score0.00984EPSS
Exploits0References4
NVD
NVD
added 2015/01/07 2:59 a.m.23 views

CVE-2014-4636

Cross-site request forgery CSRF vulnerability in EMC Documentum Web Development Kit WDK before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations...

6.8CVSS7.2AI score0.01098EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2014/11/25 12:0 a.m.47 views

wordpress -- multiple vulnerabilities

MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...

6.8CVSS6.9AI score0.82702EPSS
Exploits7
NVD
NVD
added 2014/11/24 11:59 a.m.24 views

CVE-2014-7836

Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...

6.8CVSS7.2AI score0.01006EPSS
Exploits0References4
Prion
Prion
added 2014/11/24 11:59 a.m.20 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within 1...

6.8CVSS7.8AI score0.01006EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2014/11/24 11:59 a.m.22 views

CVE-2014-7836

Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...

6.8CVSS6AI score0.01006EPSS
Exploits0References2
Prion
Prion
added 2014/11/24 11:59 a.m.19 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...

6.8CVSS7.9AI score0.01006EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2014/09/30 12:0 a.m.58 views

Moab User Impersonation

Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendo...

4CVSS6.7AI score0.0168EPSS
Exploits3
Rows per page
Query Builder