Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries.
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies.
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account.
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API.
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.
Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors.
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings.
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.
Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.