Total: 7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | ||||
CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | N/A |
The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | ||||
CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2024-11-21 | N/A |
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | ||||
CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | N/A |
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | ||||
CVE-2015-9309 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 8.8 High |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | ||||
CVE-2015-9308 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 8.8 High |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | ||||
CVE-2015-9307 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 8.8 High |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | ||||
CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | N/A |
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | ||||
CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 8.8 High |
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | ||||
CVE-2015-9233 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 8.8 High |
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | ||||
CVE-2015-8814 | 1 Umbraco | 1 Umbraco | 2024-11-21 | N/A |
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. | ||||
CVE-2015-8624 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. | ||||
CVE-2015-8623 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. | ||||
CVE-2015-8563 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 8.8 High |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | ||||
CVE-2015-8379 | 1 Cakephp | 1 Cakephp | 2024-11-21 | N/A |
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. | ||||
CVE-2015-8255 | 1 Axis | 1 Axis Communications Firmware | 2024-11-21 | N/A |
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | ||||
CVE-2015-8152 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | ||||
CVE-2015-8131 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2015-7984 | 2 Debian, Horde | 3 Debian Linux, Groupware, Horde Application Framework | 2024-11-21 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. |