Total
5484 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5175 | 1 Buffalotech | 1 Terastation Hd-htgl Firmware | 2023-12-10 | 7.6 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | |||||
CVE-2008-0788 | 1 Mybb | 1 Mybb | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | |||||
CVE-2008-1260 | 1 Zyxel | 1 P-2602hw-d1a | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | |||||
CVE-2007-6390 | 1 Serendipity | 1 Serendipity | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. | |||||
CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2023-12-10 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | |||||
CVE-2007-5572 | 1 Sphpblog | 1 Sphpblog | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php. | |||||
CVE-2007-6642 | 1 Joomla | 1 Joomla | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. | |||||
CVE-2007-4544 | 1 Wordpress | 1 Wordpress Mu | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | |||||
CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2023-12-10 | 4.3 MEDIUM | N/A |
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | |||||
CVE-2008-1172 | 1 Torrenttrader | 2 Torrenttrader, Torrenttrader Classic | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. | |||||
CVE-2008-0272 | 1 Drupal | 1 Drupal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | |||||
CVE-2007-5918 | 1 Ms Topsites | 1 Ms Topsites | 2023-12-10 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php. | |||||
CVE-2007-5259 | 1 Ilient | 1 Sysaid | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-4822 | 2 Buffalotech, Oracle | 2 Airstation Whr-g54s, Database Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | |||||
CVE-2008-0563 | 1 Liferay | 1 Liferay Enterprise Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | |||||
CVE-2008-1248 | 1 Snom | 1 320 Sip Phone | 2023-12-10 | 5.8 MEDIUM | N/A |
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440. | |||||
CVE-2008-0336 | 1 Bugtracker.net | 1 Bugtracker.net | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. | |||||
CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 5.1 MEDIUM | N/A |
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | |||||
CVE-2007-5818 | 1 Sblog | 1 Sblog | 2023-12-10 | 7.6 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. | |||||
CVE-2007-1276 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. |