Total
5484 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2023-12-10 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | |||||
CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||
CVE-2007-5773 | 1 Flatnuke3 | 1 Flatnuke3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | |||||
CVE-2008-0271 | 1 Drupal | 1 Bueditor | 2023-12-10 | 4.3 MEDIUM | N/A |
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | |||||
CVE-2007-4724 | 1 Apache | 1 Tomcat | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. | |||||
CVE-2007-4541 | 1 Olate | 1 Olatedownload | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php. | |||||
CVE-2008-0508 | 1 Wordpress | 1 Permalinks Migration Plugin | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. | |||||
CVE-2008-0266 | 1 Eticket | 1 Eticket | 2023-12-10 | 2.6 LOW | N/A |
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. | |||||
CVE-2007-6300 | 1 Fusion News | 1 Fusion News | 2023-12-10 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | |||||
CVE-2007-5384 | 2 Alcatel, Bt | 2 Speedtouch 7g Router, Home Hub | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. | |||||
CVE-2007-1157 | 1 Jboss | 1 Jboss | 2023-12-10 | 7.6 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | |||||
CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | |||||
CVE-2007-5109 | 1 Flatnuke | 1 Flatnuke | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request. | |||||
CVE-2007-4893 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | |||||
CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | |||||
CVE-2007-6490 | 1 Falcon | 1 Series One Cms | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | |||||
CVE-2008-0575 | 1 Webspell | 1 Webspell | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. | |||||
CVE-2008-1250 | 1 Snom | 1 320 Sip Phone | 2023-12-10 | 9.3 HIGH | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence. | |||||
CVE-2007-2589 | 1 Squirrelmail | 1 Squirrelmail | 2023-12-10 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | |||||
CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2023-12-10 | 9.3 HIGH | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. |