Total
4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2282 | 1 Tomatocms | 1 Tomatocms | 2010-06-16 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | |||||
CVE-2010-2268 | 1 Accoria | 1 Rock Web Server | 2010-06-15 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts. | |||||
CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2010-06-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | |||||
CVE-2010-2151 | 1 Fujitsu | 1 E-pares | 2010-06-03 | 2.6 LOW | N/A |
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | |||||
CVE-2010-2114 | 1 Brekeke | 1 Pbx | 2010-05-31 | 2.6 LOW | N/A |
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. | |||||
CVE-2010-2025 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-26 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl. | |||||
CVE-2009-4826 | 1 Scriptsez | 1 Mini Hosting Panel | 2010-05-23 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. | |||||
CVE-2009-4827 | 1 Scriptez | 1 Mail Manager Pro | 2010-05-23 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action. | |||||
CVE-2009-4828 | 1 Phpwebscripts | 1 Ad Manager Pro | 2010-05-23 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2010-05-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | |||||
CVE-2010-1542 | 1 Dragonfrugal | 1 Dfd Cart | 2010-04-27 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings. | |||||
CVE-2010-0638 | 1 K5n | 1 Webcalendar | 2010-02-15 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-4517 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2010-01-08 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | |||||
CVE-2009-4385 | 1 Scriptsez | 1 Ez Poll Hoster | 2009-12-23 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php. | |||||
CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2009-10-26 | 6.8 MEDIUM | N/A |
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2008-5252 | 1 Mediawiki | 1 Mediawiki | 2009-10-13 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. | |||||
CVE-2009-3520 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2009-10-01 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action. | |||||
CVE-2008-7241 | 1 Punbb | 1 Punbb | 2009-09-17 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | |||||
CVE-2007-6730 | 1 Zyxel | 1 P-330w Router | 2009-09-14 | 9.3 HIGH | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. | |||||
CVE-2008-0788 | 1 Mybb | 1 Mybb | 2009-08-19 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. |