Medium
CVE-2010-1037
Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 78/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2010-04-28
2010-04-27
Medium
CVE-2009-4828
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for reques…
Medium
CVE-2009-4827
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via…
Medium
CVE-2009-4826
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter…
2010-04-26
Medium
CVE-2010-1542
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for reque…
2010-04-21
Medium
CVE-2009-4787
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have u…
2010-04-20
Medium
CVE-2010-1150
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct…
Medium
CVE-2009-4773
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the…
2010-04-09
Medium
CVE-2010-0992
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for re…
2010-04-05
Medium
CVE-2010-1244
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests th…
High
CVE-2009-2936
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received…
2010-04-01
Medium
CVE-2010-1227
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as de…
2010-03-03
Medium
CVE-2010-0921
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecif…
Medium
CVE-2010-0920
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vect…
2010-02-26
Medium
CVE-2010-0713
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests tha…
2010-02-25
Medium
CVE-2010-0711
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administr…
Medium
CVE-2010-0709
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address o…
Medium
CVE-2010-0707
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create n…
2010-02-15
Medium
CVE-2010-0638
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via un…
Medium
CVE-2010-0289
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of admin…
2010-02-12
Medium
CVE-2010-0637
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests th…
2010-01-19
Medium
CVE-2009-4605
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote at…
2010-01-05
Medium
CVE-2009-4572
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart a…
2010-01-04
Medium
CVE-2009-4563
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the admi…
Medium
CVE-2009-4555
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for reques…
2009-12-31
Medium
CVE-2009-4517
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requ…
2009-12-28
Medium
CVE-2009-1797
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and ot…
2009-12-23
Medium
CVE-2009-4407
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requ…
Medium
CVE-2009-3580
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login…
2009-12-22
Medium
CVE-2009-4385
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete po…
2009-12-21
Medium
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog…
2009-12-17
Medium
CVE-2009-4349
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that creat…
2009-12-16
Medium
CVE-2009-4297
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vect…
Medium
CVE-2008-7248
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protect…
2009-12-02
Medium
CVE-2009-4173
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create…
2009-12-01
Medium
CVE-2009-4121
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delet…
Medium
CVE-2009-4120
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders…
2009-11-29
Medium
CVE-2009-4092
Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests tha…
2009-11-25
Medium
CVE-2009-4079
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
Medium
CVE-2009-4077
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary email…
Medium
CVE-2009-4076
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user informat…
2009-11-24
Medium
CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack…
2009-11-16
Medium
CVE-2009-2746
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 b…
2009-11-13
Medium
CVE-2009-2816
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS req…
2009-11-09
Medium
CVE-2009-3922
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authenticati…
2009-10-26
Medium
CVE-2009-3785
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via…
2009-10-22
High
CVE-2009-3759
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators fo…
2009-10-09
Medium
CVE-2009-3656
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
2009-10-01
High
CVE-2009-3520
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administra…
2009-09-18
Medium
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system…
2009-09-17
Medium
CVE-2008-7243
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via…
Medium
CVE-2008-7241
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced lo…
2009-09-14
Medium
CVE-2008-7221
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user…
2009-09-11
Medium
CVE-2008-7214
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of adminis…
Medium
CVE-2008-7204
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
2009-09-10
Critical
CVE-2007-6730
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for request…
2009-09-09
Medium
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and us…
Medium
CVE-2008-7192
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for r…
2009-09-04
Medium
CVE-2008-7165
Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for req…
2009-09-01
Medium
CVE-2008-7151
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that…
Medium
CVE-2008-7139
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAc…
2009-08-31
Medium
CVE-2009-3022
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change conte…
2009-08-25
Medium
CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via f…
Medium
CVE-2008-7082
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers…
2009-08-24
Medium
CVE-2008-7058
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
Medium
CVE-2008-7032
Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requ…
2009-08-21
Medium
CVE-2008-7016
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving…
2009-08-14
Medium
CVE-2009-2677
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown…
Medium
CVE-2008-6975
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary…
Medium
CVE-2008-6974
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execut…
2009-08-12
Medium
CVE-2008-6949
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project…
2009-08-11
Medium
CVE-2009-2738
Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
2009-08-06
Medium
CVE-2008-6905
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categor…
2009-07-22
Medium
CVE-2009-2572
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication o…
2009-07-05
Medium
CVE-2009-2323
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site r…
2009-06-27
Medium
CVE-2008-6836
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identit…
2009-06-22
Medium
CVE-2009-2150
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via l…
2009-06-19
Medium
CVE-2009-2129
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
2009-06-15
Medium
CVE-2009-2073
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified r…
2009-06-08
Low
CVE-2009-2006
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth…
Medium
CVE-2009-2005
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items vi…
Medium
CVE-2008-6832
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the p…
2009-06-04
Medium
CVE-2008-6823
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the…
2009-05-28
Medium
CVE-2009-1802
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for…
2009-05-22
Medium
CVE-2009-1757
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
2009-05-20
Medium
CVE-2009-1733
Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3)…
2009-05-14
Medium
CVE-2009-1464
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests…
2009-05-07
Medium
CVE-2008-6801
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
2009-05-06
Medium
CVE-2009-1576
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims i…
Medium
CVE-2009-1561
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary…
2009-05-04
Medium
CVE-2009-1518
Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this…
2009-04-30
Medium
CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or…
Medium
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated…
2009-04-28
Medium
CVE-2009-1459
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
Medium
CVE-2009-1455
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an…
Medium
CVE-2008-6758
Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduc…
2009-04-23
Medium
CVE-2008-6744
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspeci…
2009-04-20
Medium
CVE-2008-6729
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify…
2009-04-17
Medium
CVE-2009-0039
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authenticatio…
2009-04-13
Medium
CVE-2009-1290
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H…
2009-04-09
Medium
CVE-2009-1280
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via un…
2009-04-07
Medium
CVE-2008-6657
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for r…
Medium
CVE-2008-6639
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords vi…
2009-04-06
Medium
CVE-2008-6605
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.…
2009-04-03
Medium
CVE-2008-6587
Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that fo…
Medium
CVE-2008-6586
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the downl…
Medium
CVE-2008-6585
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the…
2009-04-01
Medium
CVE-2009-1213
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrar…
2009-03-26
Medium
CVE-2008-6532
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser v…
2009-03-20
Medium
CVE-2009-1036
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
Medium
CVE-2008-6502
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause…
Medium
CVE-2008-6498
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess…
2009-03-19
Medium
CVE-2009-0969
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change…
2009-03-18
Medium
CVE-2009-0940
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the int…
2009-03-16
Medium
CVE-2008-6480
Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use…
Medium
CVE-2008-6479
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to mod…
Medium
CVE-2008-6478
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft)…
2009-03-09
Medium
CVE-2008-6449
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to…
2009-03-02
Medium
CVE-2008-6384
Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators.
2009-02-27
Medium
CVE-2008-6331
Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.