Export limit exceeded: 10706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10314 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6639 1 Ajaxplorer 1 Ajaxplorer 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.
CVE-2007-6390 1 Serendipity 1 Serendipity 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
CVE-2007-5109 1 Flatnuke 1 Flatnuke 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.
CVE-2008-0228 1 Linksys 1 Wrt54gl 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
CVE-2008-0198 1 Wp-contactform Project 1 Wp-contactform 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
CVE-2008-0182 1 Liferay 1 Liferay Enterprise Portal 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
CVE-2008-0165 1 Ikiwiki 1 Ikiwiki 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
CVE-2008-0164 1 Plone 1 Plone Cms 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
CVE-2007-6320 1 Drupal 1 Feature Module 2026-04-23 N/A
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
CVE-2007-6300 1 Fusion News 1 Fusion News 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
CVE-2007-6087 1 Vigilecms 1 Vigilecms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
CVE-2007-5594 2 Drupal, Fedoraproject 2 Drupal, Fedora 2026-04-23 N/A
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
CVE-2007-5575 1 Treble Designs 1 1024 Cms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5572 1 Sphpblog 1 Sphpblog 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.
CVE-2007-4544 1 Wordpress 1 Wordpress Mu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
CVE-2007-4541 1 Olate 1 Olatedownload 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
CVE-2007-2589 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
CVE-2007-1489 1 Web-app.org 1 Webapp 2026-04-23 N/A
Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.
CVE-2007-1276 2 Usermin, Webmin 2 Usermin, Webmin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2007-0044 2 Adobe, Redhat 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more 2026-04-23 N/A
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."