Export limit exceeded: 10197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4255 | 1 Cisco | 1 Telepresence Ip Gateway | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734. | ||||
| CVE-2015-4256 | 1 Cisco | 1 Telepresence Ip Vcr 3.0 | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736. | ||||
| CVE-2015-4257 | 1 Cisco | 1 Telepresence Mcu Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710. | ||||
| CVE-2015-4258 | 1 Cisco | 1 Telepresence Mse 8000 Series | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444. | ||||
| CVE-2015-4267 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | ||||
| CVE-2015-4382 | 1 Invoice Project | 1 Invoice | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors. | ||||
| CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | ||||
| CVE-2015-4349 | 1 Spider Contacts Project | 1 Spider Contacts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors. | ||||
| CVE-2015-4350 | 1 Web-dorado | 1 Spider Catalog | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors. | ||||
| CVE-2015-4352 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. | ||||
| CVE-2015-4353 | 1 Osscube | 1 Custom Sitemap | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors. | ||||
| CVE-2015-4355 | 1 Watchdog Aggregator Project | 1 Watchdog Aggregator | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors. | ||||
| CVE-2015-4360 | 1 Registration Codes Project | 1 Registration Codes | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors. | ||||
| CVE-2015-4361 | 1 Registration Codes Project | 1 Registration Codes | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors. | ||||
| CVE-2015-4362 | 1 Tracking Code Project | 1 Tracking Code | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors. | ||||
| CVE-2015-4364 | 1 Campaign Monitor Project | 1 Campaign Monitor | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | ||||
| CVE-2015-4379 | 1 Webform Multiple File Upload Project | 1 Webform Multiple File Upload | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. | ||||
| CVE-2016-1174 | 1 Hiniarata | 1 Casebook Plugin | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | ||||
| CVE-2013-4240 | 1 Hitmyserver | 1 Hms Testimonials | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php. | ||||
| CVE-2016-7034 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2025-04-12 | N/A |
| The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | ||||