Vulmon
csrf vulnerabilities and exploits
606
VMScore
CVE-2015-2755
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin prior to 4.0 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) l...
Ab Google Map Travel Project Ab Google Map Travel
578
VMScore
CVE-2015-8355
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module prior to 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
Orion-soft Bitrix
605
VMScore
CVE-2014-9129
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin prior to 2.0.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_t...
Cminds Cm Download Manager
605
VMScore
CVE-2014-9335
Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1)...
Dandyid Services Project Dandyid Services
605
VMScore
CVE-2014-9341
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_...
Yurl Retwitt Project Yurl Retwitt 1.4
605
VMScore
CVE-2015-5483
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors...
Private Only Project Private Only 3.5.1
445
VMScore
CVE-2020-25987
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.
Monocms Monocms 1.0
828
VMScore
CVE-2018-12455
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows a malicious user to authenticate in the web interface just by using "admin:" as the name of a cookie.
Intelbras Nplug Firmware 1.0.0.14
605
VMScore
CVE-2014-0740
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and previous versions allows remote malicious users to hijack the auth...
Cisco Unified Communications Manager 4.1(3)sr4
Cisco Unified Communications Manager 4.2
Cisco Unified Communications Manager 4.2.1
Cisco Unified Communications Manager 4.2.2
Cisco Unified Communications Manager
Cisco Unified Communications Manager 3.3(5)
Cisco Unified Communications Manager 3.3(5)sr1
Cisco Unified Communications Manager 3.3(5)sr2a
Cisco Unified Communications Manager 4.3
Cisco Unified Communications Manager 10.0
Cisco Unified Communications Manager 4.1(3)
Cisco Unified Communications Manager 4.1(3)sr2
Cisco Unified Communications Manager 4.2.3sr1
Cisco Unified Communications Manager 4.2.3sr2b
Cisco Unified Communications Manager 4.1(3)sr1
Cisco Unified Communications Manager 4.1(3)sr3
Cisco Unified Communications Manager 4.2.3
Cisco Unified Communications Manager 4.2.3sr2
605
VMScore
CVE-2018-12456
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing malicious users to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
Intelbras Nplug Firmware 1.0.0.14