| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. |
| Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. |
| Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php. |
| Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. |
| Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. |
| Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php. |
| Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages. |
| Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. |
| Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. |
