The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Max CVSS
10.0
EPSS Score
1.26%
Published
2008-11-21
Updated
2009-01-29
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
Max CVSS
9.3
EPSS Score
0.18%
Published
2008-01-10
Updated
2018-10-15
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.
Max CVSS
9.3
EPSS Score
0.13%
Published
2008-03-10
Updated
2018-10-11
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
1.10%
Published
2008-09-18
Updated
2023-05-22
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html.
Max CVSS
7.8
EPSS Score
1.34%
Published
2008-04-28
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.23%
Published
2008-01-31
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
Max CVSS
7.5
EPSS Score
0.34%
Published
2008-02-19
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.23%
Published
2008-08-21
Updated
2017-08-08
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Max CVSS
7.5
EPSS Score
9.38%
Published
2008-09-25
Updated
2012-10-23
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.
Max CVSS
7.5
EPSS Score
0.21%
Published
2008-10-24
Updated
2018-10-11
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
Max CVSS
7.1
EPSS Score
0.24%
Published
2008-06-09
Updated
2018-10-11
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.31%
Published
2008-01-04
Updated
2018-10-15
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
Max CVSS
6.8
EPSS Score
0.40%
Published
2008-01-31
Updated
2018-10-15
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php.
Max CVSS
6.8
EPSS Score
0.44%
Published
2008-02-15
Updated
2009-08-20
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.33%
Published
2008-03-10
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.
Max CVSS
6.8
EPSS Score
0.33%
Published
2008-03-13
Updated
2018-10-11
Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document.
Max CVSS
6.8
EPSS Score
0.13%
Published
2008-04-10
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.13%
Published
2008-04-27
Updated
2019-08-01
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.
Max CVSS
6.8
EPSS Score
0.35%
Published
2008-05-16
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
Max CVSS
6.8
EPSS Score
0.21%
Published
2008-11-03
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.16%
Published
2008-09-02
Updated
2017-08-08
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Max CVSS
6.8
EPSS Score
1.60%
Published
2008-09-25
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
Max CVSS
6.8
EPSS Score
0.30%
Published
2008-10-06
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.16%
Published
2008-11-04
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Max CVSS
6.8
EPSS Score
2.72%
Published
2008-11-10
Updated
2017-08-08
86 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!