Export limit exceeded: 10339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1276 2 Usermin, Webmin 2 Usermin, Webmin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2007-4541 1 Olate 1 Olatedownload 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
CVE-2007-4544 1 Wordpress 1 Wordpress Mu 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
CVE-2007-5213 1 Axis 2 2100 Network Camera, 2100 Network Camera Firmware 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
CVE-2007-5229 1 Feedburner 1 Feedsmith 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
CVE-2007-5251 1 Webhost Automation 1 Helm Web Hosting Control Panel 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.
CVE-2007-5259 1 Ilient 1 Sysaid 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5384 2 Alcatel, Bt 2 Speedtouch 7g Router, Home Hub 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
CVE-2007-6087 1 Vigilecms 1 Vigilecms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
CVE-2008-0164 1 Plone 1 Plone Cms 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.
CVE-2008-0165 1 Ikiwiki 1 Ikiwiki 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
CVE-2008-0182 1 Liferay 1 Liferay Enterprise Portal 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
CVE-2008-0198 1 Wp-contactform Project 1 Wp-contactform 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
CVE-2008-0228 1 Linksys 1 Wrt54gl 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
CVE-2008-0266 1 Eticket 1 Eticket 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
CVE-2008-0271 1 Drupal 1 Bueditor 2026-04-23 N/A
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
CVE-2008-0272 1 Drupal 1 Drupal 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
CVE-2008-0336 1 Bugtracker.net 1 Bugtracker.net 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.
CVE-2008-1106 2 Akamai Technologies, Red Swoosh 2 Client, Client 2026-04-23 N/A
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.
CVE-2008-1719 1 Truzone 1 Nuke Et 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document.