Total
6529 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1157 | 1 Jboss | 1 Jboss | 2024-11-21 | 7.6 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | |||||
| CVE-2007-0044 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2024-11-21 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | |||||
| CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2024-11-21 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | |||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2024-11-21 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||
| CVE-2006-5175 | 1 Buffalotech | 1 Terastation Hd-htgl Firmware | 2024-11-21 | 7.6 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | |||||
| CVE-2005-3348 | 1 Phpsysinfo | 1 Phpsysinfo | 2024-11-21 | 4.3 MEDIUM | N/A |
| HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2024-11-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-1947 | 1 Invisioncommunity | 1 Gallery | 2024-11-20 | 5.0 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | |||||
| CVE-2005-1674 | 1 Helpcenterlive | 1 Help Center Live | 2024-11-20 | 7.5 HIGH | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | |||||
| CVE-2004-1995 | 1 Fusetalk | 1 Fusetalk | 2024-11-20 | 7.5 HIGH | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | |||||
| CVE-2004-1967 | 1 Openbb | 1 Openbb | 2024-11-20 | 7.5 HIGH | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | |||||
| CVE-2004-1842 | 1 Phpnuke | 1 Php-nuke | 2024-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | |||||
| CVE-2004-1703 | 1 Fusionphp | 1 Fusion News | 2024-11-20 | 7.5 HIGH | 8.8 HIGH |
| Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag. | |||||
| CVE-2002-2426 | 1 Citrix | 3 Access Essentials, Metaframe Presentation Server, Presentation Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2024-52401 | 2024-11-20 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4. | |||||
| CVE-2024-52424 | 1 Sureshkumar | 1 Wp-login Customizer | 2024-11-20 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0. | |||||
| CVE-2024-51632 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through 4.3. | |||||
| CVE-2024-51634 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3. | |||||
| CVE-2024-51638 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8. | |||||
| CVE-2024-50533 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through 1.2.1. | |||||