Total
6076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2295 | 1 Netgate | 1 Pfsense | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | |||||
| CVE-2015-2293 | 1 Yoast | 1 Wordpress Seo | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page. | |||||
| CVE-2015-2248 | 1 Sonicwall | 1 Remote Access Firmware | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. | |||||
| CVE-2015-2143 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | |||||
| CVE-2015-2142 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | |||||
| CVE-2015-2134 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-2089 | 1 Crossslide Jquery Project | 1 Crossslide Jquery | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php. | |||||
| CVE-2015-2084 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php. | |||||
| CVE-2015-2083 | 1 Ilch | 1 Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php. | |||||
| CVE-2015-2048 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-2039 | 1 Acobot Live Chat \& Contact Form Project | 1 Acobot Live Chat \& Contact Form | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php. | |||||
| CVE-2015-2026 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-2009 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. | |||||
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2015-1997 | 1 Ibm | 1 Security Qradar Incident Forensics | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1894 | 1 Ibm | 1 Optim Workload Replay | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1874 | 1 Cfdbplugin | 1 Contact Form Db | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php. | |||||
| CVE-2015-1786 | 1 Zend | 1 Zend Framework | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | |||||
| CVE-2015-1785 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | |||||
| CVE-2015-1771 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability." | |||||