Search
Total
3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2677 | 1 Hp | 1 Insight Control Suite For Linux | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2009-1434 | 1 Foswiki | 1 Foswiki | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339. | |||||
| CVE-2009-1455 | 1 Andrew Simpson | 1 Webcollab | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact. | |||||
| CVE-2009-1339 | 1 Twiki | 1 Twiki | 2017-08-17 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434. | |||||
| CVE-2009-1280 | 1 Joomla | 1 Joomla | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | |||||
| CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | |||||
| CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | |||||
| CVE-2008-6239 | 1 Openedit | 1 Openedit Digital Asset Management | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors. | |||||
| CVE-2008-6331 | 1 Streber-pm | 1 Streber | 2017-08-17 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | |||||
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2017-08-17 | 4.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | |||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | |||||
| CVE-2008-6639 | 1 Ajaxplorer | 1 Ajaxplorer | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action. | |||||
| CVE-2008-6744 | 1 Cybozu | 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2008-6801 | 1 Vivvo | 1 Vivvo | 2017-08-17 | 4.4 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2008-6832 | 1 Atlassian | 1 Jira | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7016 | 1 Luke Mewburn | 1 Tnftpd | 2017-08-17 | 6.8 MEDIUM | N/A |
| tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server. | |||||
| CVE-2008-7204 | 1 Virtuemart | 1 Virtuemart | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2009-0648 | 1 Falt4 | 1 Falt4 Extreme | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the manage_users handler in admin/index.php in Falt4 CMS (aka Falt4 Extreme) RC4 allow remote attackers to hijack the authentication of administrators for requests that change passwords via the (1) edit and (2) edit_now actions. | |||||
| CVE-2017-6086 | 1 Vimbadmin | 1 Vimbadmin | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | |||||
| CVE-2017-7446 | 1 Helpdezk | 1 Helpdezk | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | |||||
| CVE-2017-7398 | 1 D-link | 2 Dir-615, Dir-615 Firmware | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
| CVE-2017-7447 | 1 Helpdezk | 1 Helpdezk | 2017-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | |||||
| CVE-2017-0045 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2017-08-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability." | |||||
| CVE-2016-6277 | 1 Netgear | 22 D6220, D6220 Firmware, D6400 and 19 more | 2017-08-16 | 9.3 HIGH | 8.8 HIGH |
| NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | |||||
| CVE-2017-12651 | 1 Loginizer | 1 Loginizer | 2017-08-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. | |||||
| CVE-2017-10677 | 1 Linksys | 2 Ea4500, Ea4500 Firmware | 2017-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | |||||
| CVE-2016-1470 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | |||||
| CVE-2016-6893 | 1 Gnu | 1 Mailman | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | |||||
| CVE-2017-8836 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface. | |||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2017-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-2138 | 1 Cs-cart | 2 Cs-cart., Cs-cart Multivendor | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-9490 | 2 Arris, Cisco | 4 Tg1682g, Tg1682g Firmware, Dpc3939b and 1 more | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | |||||
| CVE-2009-0112 | 1 Expinion | 1 Poll Pro | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | |||||
| CVE-2008-5382 | 1 I-o Data | 4 Hlf-f160, Hlf-f250, Hlf-f300 and 1 more | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5672 | 1 Phparanoid | 1 Phparanoid | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages. | |||||
| CVE-2008-5758 | 1 Phparanoid | 1 Phparanoid | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | |||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | |||||
| CVE-2009-0408 | 1 Oscommerce | 1 Oscommerce | 2017-08-08 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2008-5113 | 1 Wordpress | 1 Wordpress | 2017-08-08 | 4.0 MEDIUM | N/A |
| WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection. | |||||
| CVE-2008-3759 | 1 Lussumo | 1 Vanilla | 2017-08-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. | |||||
| CVE-2008-4448 | 1 Positive Software | 1 H-sphere | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | |||||
| CVE-2008-3760 | 1 Lussumo | 1 Vanilla | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | |||||
| CVE-2008-3885 | 1 Blogn | 1 Blogn | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4242 | 1 Proftpd Project | 1 Proftpd | 2017-08-08 | 6.8 MEDIUM | N/A |
| ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | |||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | |||||
| CVE-2008-3736 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2017-08-08 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | |||||
| CVE-2008-4899 | 1 Planetluc | 1 Rateme | 2017-08-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | |||||