Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
Max CVSS
2.6
EPSS Score
0.15%
Published
2010-05-28
Updated
2010-06-01
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php.
Max CVSS
3.5
EPSS Score
0.15%
Published
2010-05-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action.
Max CVSS
4.3
EPSS Score
0.15%
Published
2010-05-28
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
1.50%
Published
2010-05-25
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
Max CVSS
6.8
EPSS Score
0.15%
Published
2010-05-26
Updated
2010-05-27
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms.
Max CVSS
6.8
EPSS Score
0.55%
Published
2010-05-20
Updated
2018-10-10
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
Max CVSS
6.8
EPSS Score
0.08%
Published
2010-05-06
Updated
2010-05-11
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.
Max CVSS
6.8
EPSS Score
0.30%
Published
2010-05-21
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
Max CVSS
6.8
EPSS Score
0.16%
Published
2010-05-26
Updated
2017-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.
Max CVSS
6.8
EPSS Score
0.53%
Published
2010-05-07
Updated
2018-10-10
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!