Total: 7649 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4385 | 1 Scriptsez | 1 Ez Poll Hoster | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php. | |||||
CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | |||||
CVE-2008-2140 | 1 Rpath | 1 Appliance Platform Agent | 2025-04-09 | 2.6 LOW | N/A |
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. | |||||
CVE-2009-4076 | 1 Roundcube | 1 Webmail | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | |||||
CVE-2008-3744 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | |||||
CVE-2008-5115 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. | |||||
CVE-2007-5060 | 1 Xcms | 1 Xcms | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. | |||||
CVE-2009-4555 | 1 K-factor | 1 Agoracart | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account. | |||||
CVE-2007-1520 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 6.8 MEDIUM | N/A |
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. | |||||
CVE-2009-3022 | 1 Itd-inc | 1 Bingo!cms | 2025-04-09 | 6.8 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. | |||||
CVE-2008-7241 | 1 Punbb | 1 Punbb | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | |||||
CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | |||||
CVE-2009-3922 | 2 Chad Phillips, Drupal | 2 Userprotect, Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. | |||||
CVE-2009-2150 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | |||||
CVE-2009-1280 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2008-7204 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2007-1157 | 1 Jboss | 1 Jboss | 2025-04-09 | 7.6 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | |||||
CVE-2008-6974 | 1 Dd-wrt | 1 Dd-wrt | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. | |||||
CVE-2008-0788 | 1 Mybb | 1 Mybb | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | |||||
CVE-2009-0468 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string. |