888 matches found
CVE-2012-2930
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...
CVE-2012-2930
TinyWebGallery (TWG) is affected by CVE-2012-2930, CVE-2012-2931 and CVE-2012-2932, with TWG versions before 1.8.8. The root cause is insufficient validation and CSRF protections in admin/index.php vulnerabilities that enable an authenticated admin session to perform actions (e.g., add a user) vi...
CVE-2015-0705
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.61.9 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494...
CVE-2015-3374
CVE-2015-3374 affects the Drupal Corner module. The vulnerability allows remote attackers to hijack administrator sessions by forcing the admin’s browser to perform CSRF requests to enable or disable corners, via unspecified vectors. Affected are Corner module versions prior to a fixed release; D...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in systemfirmwarerestorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...
CVE-2015-0985
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes...
Solarwinds Orion Service SQL Injection Vulnerability
Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
CVE-2015-2039
Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobottok...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5)...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php...
CVE-2015-1374
CVE-2015-1374 relates to multiple CSRF vulnerabilities in ferretCMS 1.0.4-alpha, specifically in admin.php, enabling remote attackers to hijack administrator authentication for requests that perform (1) XSS, (2) SQL injection, and (3) unrestricted file upload. The connected sources confirm the af...
CVE-2014-7957
Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-componen...
CVE-2014-100001
Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from...
CVE-2014-10008
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a...
WordPress LiveOptim Plugin <= 1.1.3 - CSRF
Because of this vulnerability, attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution: Update the plugin...
WordPress Plugin Post to Twitter Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a blogging platform developed using the PHP language, which allows users to set up their own weblogs on servers that support PHP and MySQL databases. Post to Twitter plugin is a plugin that supports posting information to Twitter. The WordPress plugin Post to Twitter suffers from...