Export limit exceeded: 10339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1104 1 Mutare 1 Evm 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address.
CVE-2011-1026 1 Apache 1 Archiva 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2011-0277 1 Hp 1 Power Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
CVE-2010-4881 1 Apphp 1 Apphp Calendar 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
CVE-2010-4750 1 Blogcms 1 Blog\ 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
CVE-2010-4729 1 Zikula 1 Zikula Application Framework 2025-04-11 N/A
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
CVE-2010-3464 1 Santafox 1 Santafox 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php.
CVE-2010-3449 2 Apache, Jesse Mcconnell 2 Archiva, Redback 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
CVE-2010-3030 1 Tomaz-muraus 1 Open Blog 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-3024 1 Hulihanapplications 1 Diamondlist 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
CVE-2010-2345 1 Odcms 1 Odcms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.
CVE-2010-2294 1 Pxsystem 1 Plume-cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
CVE-2010-2282 1 Tomatocms 1 Tomatocms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.
CVE-2010-2025 1 Cisco 1 Scientific Atlanta Webstar Dpc2100r2 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
CVE-2010-2007 1 Letodms 1 Letodms 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms.
CVE-2010-1971 2 Hp, Microsoft 2 Insight Software Installer, Windows 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.
CVE-2010-1968 2 Hp, Microsoft 2 Insight Software Installer, Windows 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.
CVE-2010-1244 1 Apache 1 Activemq 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
CVE-2010-1150 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.
CVE-2010-0785 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.