Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4659 | 1 Labsmedia | 1 Clickheat | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php. | ||||
| CVE-2015-4639 | 1 Koha | 1 Koha | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name. | ||||
| CVE-2015-4630 | 1 Koha | 1 Koha | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl. | ||||
| CVE-2015-4619 | 1 Denkgroot | 1 Spina | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. | ||||
| CVE-2015-4593 | 1 Eclinicalworks | 1 Population Health | 2024-11-21 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees. | ||||
| CVE-2015-4586 | 1 Alcatel-lucent | 2 Cellpipe 7130 Rg 5ae.m2013 Hol, Cellpipe 7130 Rg 5ae.m2013 Hol Firmware | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. | ||||
| CVE-2015-4530 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. | ||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | ||||
| CVE-2015-4397 | 1 Node Template Project | 1 Node Template | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors. | ||||
| CVE-2015-4396 | 1 Keyword Research Project | 1 Keyword Research | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors. | ||||
| CVE-2015-4391 | 1 Civicrm | 1 Civicrm Private Report | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors. | ||||
| CVE-2015-4390 | 1 User Import Project | 1 User Import | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors. | ||||
| CVE-2015-4383 | 1 Decisions Project | 1 Decisions | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors. | ||||
| CVE-2015-4382 | 1 Invoice Project | 1 Invoice | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors. | ||||
| CVE-2015-4379 | 1 Webform Multiple File Upload Project | 1 Webform Multiple File Upload | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. | ||||
| CVE-2015-4364 | 1 Campaign Monitor Project | 1 Campaign Monitor | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | ||||
| CVE-2015-4362 | 1 Tracking Code Project | 1 Tracking Code | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors. | ||||
| CVE-2015-4361 | 1 Registration Codes Project | 1 Registration Codes | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors. | ||||
| CVE-2015-4360 | 1 Registration Codes Project | 1 Registration Codes | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors. | ||||
| CVE-2015-4355 | 1 Watchdog Aggregator Project | 1 Watchdog Aggregator | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors. | ||||