Total
6078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7446 | 1 Ibm | 5 Flashsystem 9846-ac2, Flashsystem 9846-ae2, Flashsystem 9848-ac2 and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-7407 | 1 Ibm | 1 Mashups Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-7366 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. | |||||
| CVE-2015-7364 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 6.8 MEDIUM | N/A |
| The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token. | |||||
| CVE-2015-7293 | 2 Plone, Zope | 2 Plone, Zope Management Interface | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |||||
| CVE-2015-7291 | 1 Arris | 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7284 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7281 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7278 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7233 | 1 Structured Dynamics | 1 Open Semantic Framework | 2024-11-21 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. | |||||
| CVE-2015-6973 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. | |||||
| CVE-2015-6966 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. | |||||
| CVE-2015-6965 | 1 Creative-solutions | 1 Contact Form Generator | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. | |||||
| CVE-2015-6944 | 1 Jsp\/mysql Administrador Web Project | 1 Jsp\/mysql Administrador Web | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. | |||||
| CVE-2015-6827 | 1 Auto-exchanger | 1 Auto-exchanger | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php. | |||||
| CVE-2015-6728 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | N/A |
| The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. | |||||
| CVE-2015-6660 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks." | |||||
| CVE-2015-6655 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. | |||||
| CVE-2015-6545 | 1 Webgroupmedia | 1 Cerb | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action. | |||||
| CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | |||||