ReportizFlow
Filtered by vendor
Subscriptions
Total
8880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | N/A |
| Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | ||||
| CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2025-04-09 | N/A |
| Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | ||||
| CVE-2008-0228 | 1 Linksys | 1 Wrt54gl | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | ||||
| CVE-2009-1213 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | ||||
| CVE-2009-1280 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2009-1290 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script. | ||||
| CVE-2009-1455 | 1 Andrew Simpson | 1 Webcollab | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact. | ||||
| CVE-2009-1561 | 1 Cisco | 1 Wrt54gc | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | ||||
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | ||||
| CVE-2008-4899 | 1 Planetluc | 1 Rateme | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | ||||
| CVE-2008-5941 | 1 Modxcms | 1 Modxcms | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | ||||
| CVE-2008-5028 | 2 Nagios, Op5 | 2 Nagios, Monitor | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. | ||||
| CVE-2009-0468 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string. | ||||
| CVE-2008-1250 | 1 Snom | 1 320 Sip Phone | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence. | ||||
| CVE-2009-2129 | 1 Elvinbts | 1 Elvinbts | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action. | ||||
| CVE-2008-6832 | 1 Atlassian | 1 Jira | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4092 | 1 Simplog | 1 Simplog | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. | ||||
| CVE-2008-5113 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection. | ||||
| CVE-2009-3656 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2025-04-09 | N/A |
| Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||