Total
5481 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1954 | 1 Postrev | 1 Post Revolution | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php. | |||||
CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2023-12-10 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | |||||
CVE-2011-0447 | 1 Rubyonrails | 1 Rails | 2023-12-10 | 6.8 MEDIUM | N/A |
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | |||||
CVE-2010-4519 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. | |||||
CVE-2008-4448 | 1 Positive Software | 1 H-sphere | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | |||||
CVE-2009-3656 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
CVE-2009-2572 | 2 Drupal, Lullabot | 2 Drupal, Fivestar Module For Drupal | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes. | |||||
CVE-2008-6586 | 1 Utorrent | 1 Utorrent Webui | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action. | |||||
CVE-2008-5567 | 1 Bonzacart | 1 Bonza Cart | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
CVE-2008-3220 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | |||||
CVE-2008-3759 | 1 Lussumo | 1 Vanilla | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. | |||||
CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2008-5113 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.0 MEDIUM | N/A |
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection. | |||||
CVE-2008-4242 | 1 Proftpd Project | 1 Proftpd | 2023-12-10 | 6.8 MEDIUM | N/A |
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | |||||
CVE-2008-7214 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php. | |||||
CVE-2009-1561 | 1 Cisco | 1 Wrt54gc | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | |||||
CVE-2009-1518 | 1 Beltane | 1 Beltane | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6048 | 1 Tangocms | 1 Tangocms | 2023-12-10 | 6.0 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. | |||||
CVE-2008-4734 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter. | |||||
CVE-2009-1464 | 1 Klinzmann | 1 Application Access Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job. |