Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-4077 | 1 Roundcube | 1 Webmail | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076. |
| CVE-2008-6905 | 1 Babbleboard | 1 Babbleboard | 2025-04-09 | 6.0 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page. |
| CVE-2007-5259 | 1 Ilient | 1 Sysaid | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-0055 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. |
| CVE-2009-4092 | 1 Simplog | 1 Simplog | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. |
| CVE-2008-6729 | 1 Phpmotion | 1 Phpmotion | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter. |
| CVE-2008-7243 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941. |
| CVE-2008-3221 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. |
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. |
| CVE-2008-3868 | 1 Cce-interact | 1 Interact | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. |
| CVE-2009-4173 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php. |
| CVE-2007-3416 | 2 Web-app.org, Web App.net | 2 Webapp, Webapp | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators. |
| CVE-2007-0044 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2025-04-09 | 4.3 MEDIUM | N/A | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." |
| CVE-2008-2276 | 1 Matisbt | 1 Mantis | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. |
| CVE-2008-0272 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. |
| CVE-2009-2073 | 1 Cisco | 1 Wrt160n | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions. |
| CVE-2009-0056 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. |
| CVE-2009-0037 | 1 Curl | 2 Curl, Libcurl | 2025-04-09 | 6.8 MEDIUM | N/A | The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. |
| CVE-2008-6331 | 1 Streber-pm | 1 Streber | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. |
| CVE-2008-0563 | 1 Liferay | 1 Liferay Enterprise Portal | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. |
| CVE-2008-7016 | 1 Luke Mewburn | 1 Tnftpd | 2025-04-09 | 6.8 MEDIUM | N/A | tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server. |
| CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2025-04-09 | 9.3 HIGH | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. |
| CVE-2008-5621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 6.0 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. |
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. |
| CVE-2009-0969 | 1 Phpfox | 1 Phpfox | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action. |
| CVE-2009-0482 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. |
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2025-04-09 | 4.0 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. |
| CVE-2009-0468 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string. |
| CVE-2007-6390 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. |
| CVE-2009-4407 | 1 Pyforum | 1 Pyforum | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors. |
| CVE-2007-6708 | 1 Linksys | 1 Wag54gs | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. |
| CVE-2009-0112 | 1 Expinion | 1 Poll Pro | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. |
| CVE-2009-4066 | 2 Drupal, Paul Beaney | 2 Drupal, Phplist | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. |
| CVE-2007-3457 | 1 Adobe | 1 Flash Player | 2025-04-09 | 4.3 MEDIUM | N/A | Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. |
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2025-04-09 | 6.8 MEDIUM | N/A | Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2008-7221 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php. |
| CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. |
| CVE-2009-1280 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2008-3760 | 1 Lussumo | 1 Vanilla | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. |