Total
8582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1213 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | ||||
| CVE-2008-2531 | 1 Buildanichestore3 | 1 Bans | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2009-3922 | 2 Chad Phillips, Drupal | 2 Userprotect, Drupal | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. | ||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | ||||
| CVE-2008-3220 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | ||||
| CVE-2009-1339 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434. | ||||
| CVE-2008-3421 | 1 Blackboard | 1 Blackboard Academic Suite | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp. | ||||
| CVE-2007-5572 | 1 Sphpblog | 1 Sphpblog | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php. | ||||
| CVE-2009-1434 | 1 Foswiki | 1 Foswiki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339. | ||||
| CVE-2009-1455 | 1 Andrew Simpson | 1 Webcollab | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact. | ||||
| CVE-2008-3736 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | ||||
| CVE-2008-3868 | 1 Cce-interact | 1 Interact | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | ||||
| CVE-2009-2150 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | ||||
| CVE-2009-1733 | 1 Richard Ellerbrock | 1 Ipplan | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors. | ||||
| CVE-2008-6801 | 1 Vivvo | 1 Vivvo | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | ||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | ||||
| CVE-2008-5583 | 1 Projectpier | 1 Projectpier | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action. | ||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2008-6605 | 1 2wire | 4 1701hg, 1800hw, 2071hg and 1 more | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character. | ||||