Total
8703 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9396 | 1 Simpleflickr Project | 1 Simpleflickr | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9394 | 1 Pwgrandom Project | 1 Pwgrandom | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | ||||
| CVE-2014-9392 | 1 Pictobrowser Project | 1 Pictobrowser | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9393 | 1 Post To Twitter Project | 1 Post To Twitter | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. | ||||
| CVE-2015-3624 | 1 Ektron | 1 Ektron Content Management System | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action. | ||||
| CVE-2014-9385 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. | ||||
| CVE-2014-9368 | 1 Twitterdash Project | 1 Twitterdash | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9344 | 1 Globiz Solutions | 1 Snowfox Content Management System | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. | ||||
| CVE-2014-9340 | 1 Wpcommenttwit Project | 1 Wpcommenttwit | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9339 | 1 Jayde Online | 1 Spnbabble | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9338 | 1 O2tweet Project | 1 O2tweet | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php. | ||||
| CVE-2014-9336 | 1 Itwitter Project | 1 Itwitter | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9335 | 1 Dandyid Services Project | 1 Dandyid Services | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9104 | 1 Openvpn | 1 Openvpn Access Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. | ||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | ||||
| CVE-2014-9099 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | ||||
| CVE-2014-9041 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | ||||
| CVE-2014-9003 | 1 Lantronix | 1 Xprintserver | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. | ||||
| CVE-2014-8953 | 1 Phpscriptlerim | 1 Php Scriptlerim Who\'s Who | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. | ||||
| CVE-2014-8654 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. | ||||