Export limit exceeded: 360057 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0482 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. | ||||
| CVE-2009-0471 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. | ||||
| CVE-2009-0039 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. | ||||
| CVE-2007-5828 | 1 Django Project | 1 Django | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module | ||||
| CVE-2007-5818 | 1 Sblog | 1 Sblog | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. | ||||
| CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | ||||
| CVE-2007-5032 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | ||||
| CVE-2009-4092 | 1 Simplog | 1 Simplog | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. | ||||
| CVE-2009-4076 | 1 Roundcube | 1 Webmail | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | ||||
| CVE-2007-4930 | 1 Axis | 1 207w Network Camera | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml. | ||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2007-4541 | 1 Olate | 1 Olatedownload | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php. | ||||
| CVE-2009-0485 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. | ||||
| CVE-2009-0272 | 1 Novell | 1 Groupwise | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. | ||||
| CVE-2008-1981 | 1 E-publish Project | 1 E-publish | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | ||||
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | ||||
| CVE-2008-4899 | 1 Planetluc | 1 Rateme | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | ||||
| CVE-2008-4247 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-23 | N/A |
| ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | ||||
| CVE-2007-5960 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | ||||
| CVE-2008-0788 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | ||||