Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5621 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-09-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. | |||||
| CVE-2008-5567 | 1 Bonzacart | 1 Bonza Cart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | |||||
| CVE-2008-2276 | 1 Matisbt | 1 Mantis | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. | |||||
| CVE-2008-3080 | 1 Mywebland | 1 Mybloggie | 2017-09-29 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. | |||||
| CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2017-09-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | |||||
| CVE-2008-3925 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | |||||
| CVE-2008-1654 | 1 Adobe | 1 Flash Player | 2017-09-29 | 4.3 MEDIUM | N/A |
| Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | |||||
| CVE-2007-6490 | 1 Falcon | 1 Series One Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | |||||
| CVE-2007-5773 | 1 Flatnuke3 | 1 Flatnuke3 | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | |||||
| CVE-2014-6198 | 1 Ibm | 1 Security Network Protection Firmware | 2017-09-23 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-6106 | 1 Ibm | 1 Security Identity Manager | 2017-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | |||||
| CVE-2015-1485 | 1 Symantec | 1 Data Loss Prevention | 2017-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-4274 | 1 Cisco | 1 Unified Intelligence Center | 2017-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | |||||
| CVE-2017-11350 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2017-09-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | |||||
| CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2017-09-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||||
| CVE-2015-2134 | 1 Hp | 1 System Management Homepage | 2017-09-21 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-0542 | 1 Emc | 1 Rsa Archer Egrc | 2017-09-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2011-0059 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. | |||||