Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.
|
|||||
| CVE-2008-6758 | 1 Viart | 1 Viart Shop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.
|
|||||
| CVE-2009-1339 | 1 Twiki | 1 Twiki | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
|
|||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
|
|||||
| CVE-2007-1276 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
|
|||||
| CVE-2008-3885 | 1 Blogn | 1 Blogn | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-7165 | 1 Alice | 1 Gate2 Plus Wi-fi | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters.
|
|||||
| CVE-2008-2002 | 1 Motorola | 1 Surfboard | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
|
|||||
| CVE-2008-1172 | 1 Torrenttrader | 2 Torrenttrader, Torrenttrader Classic | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.
|
|||||
| CVE-2008-6949 | 1 Collabtive | 1 Collabtive | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
|
|||||
| CVE-2008-6657 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
|
|||||
| CVE-2009-1464 | 1 Klinzmann | 1 Application Access Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job.
|
|||||
| CVE-2008-0472 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
|
|||||
| CVE-2008-6639 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.
|
|||||
| CVE-2007-5229 | 1 Feedburner | 1 Feedsmith | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
|
|||||
| CVE-2008-5115 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
|
|||||
| CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 5.1 MEDIUM | N/A |
|
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
|
|||||
| CVE-2008-6478 | 1 Parallels | 1 Virtuozzo Containers | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
|
|||||
| CVE-2009-1561 | 1 Cisco | 1 Wrt54gc | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
|
|||||
| CVE-2008-3262 | 1 Claroline | 1 Claroline | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
|
|||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
|
|||||
| CVE-2008-5941 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
|
|||||
| CVE-2008-6823 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
|
|||||
| CVE-2009-4121 | 1 Opensolution | 2 Quick.cms, Quick.cms.lite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
|
|||||
| CVE-2008-2071 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
|
|||||
| CVE-2009-0485 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
|
|||||
| CVE-2009-1757 | 1 Transmissionbt | 1 Transmission | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2008-2531 | 1 Buildanichestore3 | 1 Bans | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2007-5773 | 1 Flatnuke3 | 1 Flatnuke3 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
|
|||||
| CVE-2009-4555 | 1 K-factor | 1 Agoracart | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account.
|
|||||
| CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
|
|||||
| CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
|
|||||
| CVE-2007-6490 | 1 Falcon | 1 Series One Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
|
|||||
| CVE-2008-6801 | 1 Vivvo | 1 Vivvo | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2007-6730 | 1 Zyxel | 1 P-330w Router | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
|
|||||
| CVE-2009-1518 | 1 Beltane | 1 Beltane | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
|
|||||
| CVE-2009-0039 | 1 Apache | 1 Geronimo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
|
|||||
| CVE-2009-0484 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.
|
|||||