Vulnerabilities (CVE)

Filtered by CWE-352
Total 3631 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-5080 1 Silverstripe 1 Silverstripe 2012-08-27 6.8 MEDIUM N/A
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
CVE-2012-2564 1 Bloxx 1 Web Filtering 2012-08-19 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions.
CVE-2012-4280 1 Rwcinc 1 Free Realty 2012-08-14 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
CVE-2012-2602 1 Solarwinds 1 Orion Network Performance Monitor 2012-08-13 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
CVE-2012-2305 2 Drupal, Justin Ellison 2 Drupal, Node Gallery 2012-08-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries.
CVE-2012-3384 1 Wordpress 1 Wordpress 2012-08-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2307 2 Drupal, Plaatsoft 2 Drupal, Addressbook 2012-07-30 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-3362 1 Extplorer 1 Extplorer 2012-07-27 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.
CVE-2012-2447 1 Netsweeper 1 Netsweeper 2012-07-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
CVE-2012-0303 1 Symantec 1 Message Filter 2012-07-06 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts.
CVE-2012-3231 1 Webatall 1 Web\@all 2012-06-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
CVE-2012-2605 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2012-06-13 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
CVE-2012-2959 1 Bmc 1 Identity Management Suite 2012-06-12 5.1 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
CVE-2012-3343 1 Bloxx 1 Web Filtering 2012-06-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.
CVE-2012-1236 1 Janetter 1 Janetter 2012-06-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands.
CVE-2011-3293 1 Cisco 1 Secure Access Control Server 2012-06-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
CVE-2011-3846 1 Hp 1 System Management Homepage 2012-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2007-6752 1 Drupal 1 Drupal 2012-03-28 6.8 MEDIUM N/A
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."
CVE-2011-3636 1 Redhat 1 Freeipa 2012-03-05 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
CVE-2012-1083 1 Typo3 2 Terminal, Typo3 2012-02-29 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.