Search
Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2191 | 1 Cherokee-project | 1 Cherokee | 2011-11-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. | |||||
| CVE-2011-4498 | 1 Zenprise | 1 Zenprise Device Manager | 2011-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices. | |||||
| CVE-2011-3994 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. | |||||
| CVE-2011-2773 | 1 Mahara | 1 Mahara | 2011-11-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. | |||||
| CVE-2011-4173 | 1 Simplemachines | 1 Smf | 2011-10-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1543 | 1 Hp | 1 Systems Insight Manager | 2011-09-22 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1545 | 1 Hp | 1 Insight Control Performance Management | 2011-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-0535 | 1 Zikula | 1 Zikula Application Framework | 2011-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php. | |||||
| CVE-2010-4750 | 1 Blogcms | 1 Blog\ | 2011-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2011-3381 | 1 Phorum | 1 Phorum | 2011-09-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1341 | 1 Aimluck | 2 Aipo, Aipo-asp | 2011-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data. | |||||
| CVE-2010-3694 | 1 Horde | 1 Horde Application Framework | 2011-07-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | |||||
| CVE-2011-1905 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | |||||
| CVE-2011-1324 | 1 Buffalotech | 43 As-100, Bbr-4hg, Bbr-4hg Firmware and 40 more | 2011-05-27 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | |||||
| CVE-2011-1325 | 1 Lockon | 1 Ec-cube | 2011-05-26 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-0696 | 1 Djangoproject | 1 Django | 2011-03-11 | 6.8 MEDIUM | N/A |
| Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | |||||
| CVE-2009-0056 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. | |||||
| CVE-2009-0055 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. | |||||
| CVE-2008-3909 | 1 Django Project | 1 Django | 2011-03-08 | 5.8 MEDIUM | N/A |
| The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. | |||||
| CVE-2008-0571 | 1 Drupal | 1 Userpoints Module | 2011-03-08 | 4.3 MEDIUM | N/A |
| The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. | |||||
| CVE-2002-2426 | 1 Citrix | 3 Access Essentials, Metaframe Presentation Server, Presentation Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1104 | 1 Mutare | 1 Evm | 2011-03-01 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address. | |||||
| CVE-2010-4729 | 1 Zikula | 1 Zikula Application Framework | 2011-02-14 | 6.8 MEDIUM | N/A |
| Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions. | |||||
| CVE-2010-4507 | 1 Clear | 4 Clearspot, Clearspot Firmware, Ispot and 1 more | 2011-01-12 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi. | |||||
| CVE-2010-3878 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2010-12-30 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files. | |||||
| CVE-2010-4519 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2010-12-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. | |||||
| CVE-2009-4898 | 1 Twiki | 1 Twiki | 2010-11-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339. | |||||
| CVE-2010-3288 | 1 Hp | 1 Systems Insight Manager | 2010-11-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-4024 | 1 Hp | 1 Insight Control Power Management | 2010-11-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-3989 | 1 Hp | 1 Insight Control Virtual Machine Management | 2010-11-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2010-3883 | 1 Cmsmadesimple | 1 Cms Made Simple | 2010-10-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. | |||||
| CVE-2009-4981 | 1 Keil-software | 1 Photokorn Gallery | 2010-08-25 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2010-3030 | 1 Tomaz-muraus | 1 Open Blog | 2010-08-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1648 | 1 Mediawiki | 1 Mediawiki | 2010-07-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form. | |||||
| CVE-2010-2594 | 7 Ibm, Intersect Alliance, Linux and 4 more | 14 Aix, Snare Agent, Snare Epilog and 11 more | 2010-07-02 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | |||||
| CVE-2009-1797 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2010-06-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | |||||
| CVE-2009-4906 | 1 Accscripts | 1 Acc Php Email | 2010-06-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | |||||
| CVE-2009-4905 | 1 Accscripts | 1 Acc Statistics | 2010-06-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. | |||||
| CVE-2010-2282 | 1 Tomatocms | 1 Tomatocms | 2010-06-17 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | |||||
| CVE-2010-2268 | 1 Accoria | 1 Rock Web Server | 2010-06-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts. | |||||
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2010-06-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | |||||
| CVE-2010-2151 | 1 Fujitsu | 1 E-pares | 2010-06-04 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | |||||
| CVE-2010-2114 | 1 Brekeke | 1 Pbx | 2010-06-01 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. | |||||
| CVE-2010-2025 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl. | |||||
| CVE-2009-4827 | 1 Scriptez | 1 Mail Manager Pro | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action. | |||||
| CVE-2009-4828 | 1 Phpwebscripts | 1 Ad Manager Pro | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4826 | 1 Scriptsez | 1 Mini Hosting Panel | 2010-05-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. | |||||
| CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | |||||
| CVE-2010-1150 | 1 Mediawiki | 1 Mediawiki | 2010-05-08 | 6.0 MEDIUM | N/A |
| MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. | |||||
| CVE-2010-1542 | 1 Dragonfrugal | 1 Dfd Cart | 2010-04-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings. | |||||