325 matches found
CVE-2015-0759
Cisco Headend Digital Broadband Delivery System is affected by a CSRF vulnerability (CVE-2015-0759) where an unauthenticated attacker could cause actions in a user’s browser by tricking them into visiting a malicious link. Root cause: insufficient input validation on web requests. Impact: remote ...
WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WSO2 Identity Server other WSO2 Carbon based products may be affected too...
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
Exploit Title: CSRF add arbitrary users Google Dork: Date: 2015-04-28 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.wftpserver.com/serverhistory.htm Software Link: http://www.wftpserver.com/ Version: 4.4.5 Tested on: windows 7 Category: webapps...
Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability
Cisco Unity Connection is the United States Cisco Cisco company's set of voice mail platform. A cross-site request forgery vulnerability exists in the Cisco Unity Connection CUCReports page, which could be exploited by an attacker to hijack the authentication of arbitrary users...
CVE-2015-3382
Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...
CVE-2015-3382
Multiple cross-site request forgery CSRF vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 add or 2 remove nodes from a basket via unspecified vectors...
CVE-2015-3366
Cross-site request forgery CSRF vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...
CVE-2015-3350
Cross-site request forgery CSRF vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...
CVE-2015-3356
Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...
Design/Logic Flaw
IBM Rational Jazz Team Server JTS, as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the INSERT page in Cisco Prime Infrastructure PI allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868...
CVE-2014-4636
Cross-site request forgery CSRF vulnerability in EMC Documentum Web Development Kit WDK before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations...
wordpress -- multiple vulnerabilities
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8...
CVE-2014-7836
Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within 1...
CVE-2014-7836
Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...
Moab User Impersonation
Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendo...