Export limit exceeded: 10326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | ||||
| CVE-2007-5032 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | ||||
| CVE-2007-5960 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | ||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | ||||
| CVE-2007-5060 | 1 Xcms | 1 Xcms | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. | ||||
| CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | ||||
| CVE-2008-3736 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | ||||
| CVE-2008-6480 | 1 Softnews Media Group | 1 Datalife Engine | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter. | ||||
| CVE-2007-6300 | 1 Fusion News | 1 Fusion News | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | ||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | ||||
| CVE-2007-1276 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | ||||
| CVE-2008-3262 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password. | ||||
| CVE-2008-1323 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. | ||||
| CVE-2009-4572 | 1 Phpshop | 1 Phpshop | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI. | ||||
| CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2026-04-23 | N/A |
| Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | ||||
| CVE-2007-6087 | 1 Vigilecms | 1 Vigilecms | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. | ||||
| CVE-2008-5113 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection. | ||||
| CVE-2008-5115 | 1 Sun | 1 Java System Identity Manager | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. | ||||
| CVE-2009-0708 | 1 Semanticscuttle | 1 Semanticscuttle | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. | ||||
| CVE-2008-7082 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header. | ||||