Total
8582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | ||||
| CVE-2008-3392 | 1 Webwizguide | 1 Web Wiz Forum | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. | ||||
| CVE-2007-6708 | 1 Linksys | 1 Wag54gs | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | ||||
| CVE-2007-6730 | 1 Zyxel | 1 P-330w Router | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. | ||||
| CVE-2008-1254 | 1 Zyxel | 1 P-660hw | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | ||||
| CVE-2009-4066 | 2 Drupal, Paul Beaney | 2 Drupal, Phplist | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | ||||
| CVE-2009-2323 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | N/A |
| The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script. | ||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | ||||
| CVE-2008-0165 | 1 Ikiwiki | 1 Ikiwiki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | ||||
| CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | ||||
| CVE-2008-0266 | 1 Eticket | 1 Eticket | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. | ||||
| CVE-2008-0271 | 1 Drupal | 1 Bueditor | 2025-04-09 | N/A |
| The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | ||||
| CVE-2008-5758 | 1 Phparanoid | 1 Phparanoid | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | ||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | ||||
| CVE-2007-5960 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | ||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2008-3760 | 1 Lussumo | 1 Vanilla | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | ||||
| CVE-2009-1339 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434. | ||||
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | ||||
| CVE-2008-4899 | 1 Planetluc | 1 Rateme | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | ||||