Export limit exceeded: 10269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10269 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5799 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | ||||
| CVE-2007-0044 | 2 Adobe, Redhat | 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more | 2026-04-23 | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | ||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | ||||
| CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | ||||
| CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | ||||
| CVE-2008-0571 | 1 Drupal | 1 Userpoints Module | 2026-04-23 | N/A |
| The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. | ||||
| CVE-2008-1260 | 1 Zyxel | 1 P-2602hw-d1a | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | ||||
| CVE-2008-1248 | 1 Snom | 1 320 Sip Phone | 2026-04-23 | N/A |
| The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440. | ||||
| CVE-2008-1254 | 1 Zyxel | 1 P-660hw | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | ||||
| CVE-2008-0198 | 1 Wp-contactform Project | 1 Wp-contactform | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php. | ||||
| CVE-2008-3220 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | ||||
| CVE-2008-5382 | 1 I-o Data | 4 Hlf-f160, Hlf-f250, Hlf-f300 and 1 more | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3520 | 1 Cmsphp Project | 1 Cmsphp | 2026-04-23 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action. | ||||
| CVE-2008-1323 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. | ||||
| CVE-2008-2140 | 1 Rpath | 1 Appliance Platform Agent | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. | ||||
| CVE-2007-5960 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | ||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | ||||
| CVE-2009-4173 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php. | ||||
| CVE-2007-5259 | 1 Ilient | 1 Sysaid | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5251 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp. | ||||