Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5763 | 1 Ibm | 1 Netezza | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-5695 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message. | |||||
| CVE-2012-5683 | 1 Zpanelcp | 1 Zpanel | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. | |||||
| CVE-2012-5622 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | |||||
| CVE-2012-5556 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2012-5549 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | |||||
| CVE-2012-5542 | 2 Drupal, Pedro Cambra | 2 Drupal, Commerce Extra Panes | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." | |||||
| CVE-2012-5500 | 1 Plone | 1 Plone | 2024-11-21 | 4.3 MEDIUM | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | |||||
| CVE-2012-5450 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | |||||
| CVE-2012-5394 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. | |||||
| CVE-2012-5387 | 2 Videousermanuals, Wordpress | 2 White-label-cms, Wordpress | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences. | |||||
| CVE-2012-5326 | 1 Idevspot | 1 Isupport | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action. | |||||
| CVE-2012-5323 | 1 Xavi | 1 X7968 | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters. | |||||
| CVE-2012-5320 | 1 Sagem | 2 F\@st 2604, F\@st 2604 Firmware | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | |||||
| CVE-2012-5319 | 1 Dlink | 3 Dcs-2000, Dcs-5300, Dcs-900 | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter. | |||||
| CVE-2012-5308 | 1 Ibm | 1 Lotus Notes Traveler | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. | |||||
| CVE-2012-5216 | 1 Hp | 3 Procurve Switch 1700-24, Procurve Switch 1700-8, Procurve Switch Software | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-5178 | 2 Welcart, Wordpress | 2 Welcart Plugin, Wordpress | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a purchase. | |||||