Total
8698 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0575 | 1 Webspell | 1 Webspell | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. | |||||
| CVE-2009-0708 | 1 Semanticscuttle | 1 Semanticscuttle | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. | |||||
| CVE-2009-3248 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php. | |||||
| CVE-2009-2073 | 1 Cisco | 1 Wrt160n | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions. | |||||
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | |||||
| CVE-2008-6587 | 1 Vuze | 1 Vuze | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter. | |||||
| CVE-2007-5259 | 1 Ilient | 1 Sysaid | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1518 | 1 Beltane | 1 Beltane | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6106 | 1 Ibm | 2 Workplace For Business Controls And Reporting, Workplace Web Content Management | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3392 | 1 Webwizguide | 1 Web Wiz Forum | 2025-04-09 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. | |||||
| CVE-2007-4724 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. | |||||
| CVE-2009-4173 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php. | |||||
| CVE-2008-0228 | 1 Linksys | 1 Wrt54gl | 2025-04-09 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | |||||
| CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
| Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | |||||
| CVE-2008-4448 | 1 Positive Software | 1 H-sphere | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | |||||
| CVE-2009-4092 | 1 Simplog | 1 Simplog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. | |||||
| CVE-2007-5828 | 1 Django Project | 1 Django | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module | |||||
| CVE-2008-6239 | 1 Openedit | 1 Openedit Digital Asset Management | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors. | |||||
| CVE-2009-4079 | 1 Redmine | 1 Redmine | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors. | |||||
| CVE-2008-3197 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | |||||