| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. |
| Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication. |
| Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page. |
| Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request. |
| Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. |
| Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. |
| Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. |