Search Results (9410 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0563 1 Liferay 1 Liferay Enterprise Portal 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVE-2009-4555 1 K-factor 1 Agoracart 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account.
CVE-2009-0112 1 Expinion 1 Poll Pro 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.
CVE-2008-6744 1 Cybozu 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6605 1 2wire 4 1701hg, 1800hw, 2071hg and 1 more 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
CVE-2008-2276 1 Matisbt 1 Mantis 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.
CVE-2008-6331 1 Streber-pm 1 Streber 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-2002 1 Motorola 1 Surfboard 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
CVE-2008-1977 2 Internationalization Project, Localizer Project 2 Internationalization, Localizer 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.
CVE-2008-6384 1 Drupal 1 Comment Mail 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators.
CVE-2008-1654 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
CVE-2007-1276 2 Usermin, Webmin 2 Usermin, Webmin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2006-6701 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
CVE-2008-1149 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2008-6169 1 Drupal 2 Localization Client, Localization Server 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface."
CVE-2008-6048 1 Tangocms 1 Tangocms 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.
CVE-2008-0788 1 Mybb 1 Mybb 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
CVE-2008-2140 1 Rpath 1 Appliance Platform Agent 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
CVE-2009-0485 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
CVE-2007-5060 1 Xcms 1 Xcms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.