Export limit exceeded: 10271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | ||||
| CVE-2007-1276 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | ||||
| CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | ||||
| CVE-2008-3392 | 1 Webwizguide | 1 Web Wiz Forum | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. | ||||
| CVE-2008-3323 | 1 Redhat | 1 Cygwin | 2026-04-23 | N/A |
| setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package. | ||||
| CVE-2008-2531 | 1 Buildanichestore3 | 1 Bans | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | ||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | ||||
| CVE-2008-7241 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | ||||
| CVE-2008-3220 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | ||||
| CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2008-4448 | 1 Positive Software | 1 H-sphere | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | ||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2007-5918 | 1 Ms Topsites | 1 Ms Topsites | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php. | ||||
| CVE-2008-6331 | 1 Streber-pm | 1 Streber | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2009-3633 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | ||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2026-04-23 | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | ||||
| CVE-2009-1797 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | ||||
| CVE-2008-1106 | 2 Akamai Technologies, Red Swoosh | 2 Client, Client | 2026-04-23 | N/A |
| The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | ||||
| CVE-2008-3925 | 1 Hans Oesterholt | 1 Cmme | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | ||||