Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
Max CVSS
6.8
EPSS Score
0.36%
Published
2009-04-28
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.
Max CVSS
6.8
EPSS Score
0.22%
Published
2009-04-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
Max CVSS
6.8
EPSS Score
0.30%
Published
2009-04-30
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
Max CVSS
6.0
EPSS Score
0.36%
Published
2009-04-30
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
Max CVSS
6.8
EPSS Score
0.52%
Published
2009-04-13
Updated
2018-10-10
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.21%
Published
2009-04-09
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.
Max CVSS
6.8
EPSS Score
0.34%
Published
2009-04-01
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
Max CVSS
6.8
EPSS Score
0.61%
Published
2009-04-17
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.
Max CVSS
6.8
EPSS Score
0.46%
Published
2009-04-28
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.33%
Published
2009-04-23
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
Max CVSS
6.8
EPSS Score
0.54%
Published
2009-04-20
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Max CVSS
6.8
EPSS Score
0.71%
Published
2009-04-07
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.
Max CVSS
6.8
EPSS Score
0.33%
Published
2009-04-07
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
Max CVSS
6.8
EPSS Score
1.35%
Published
2009-04-06
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.
Max CVSS
6.8
EPSS Score
0.30%
Published
2009-04-03
Updated
2018-10-11
Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action.
Max CVSS
6.8
EPSS Score
0.90%
Published
2009-04-03
Updated
2020-02-10
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
Max CVSS
6.8
EPSS Score
1.08%
Published
2009-04-03
Updated
2018-10-11
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!