Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2007-11-10 CVE-2007-5917 Cross-Site Request Forgery (CSRF) vulnerability in Skalinks 1.5
Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters.
network
skalinks CWE-352
6.8
2007-11-05 CVE-2007-5818 Cross-Site Request Forgery (CSRF) vulnerability in sBlog 0.7.3 Beta
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.
network
high complexity
sblog CWE-352
7.6
2007-11-03 CVE-2007-5799 Cross-Site Request Forgery (CSRF) vulnerability in IBM WebSphere Application Server
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
network
ibm CWE-352
4.3
2007-11-01 CVE-2007-5773 Cross-Site Request Forgery (CSRF) vulnerability in Flatnuke3
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
network
flatnuke3 CWE-352
4.3
2007-10-19 CVE-2007-5594 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
4.3
2007-10-18 CVE-2007-5575 Cross-Site Request Forgery (CSRF) vulnerability in Treble Designs 1024 CMS 1.2.5
Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component.
4.3
2007-10-18 CVE-2007-5572 Cross-Site Request Forgery (CSRF) vulnerability in SPHPBlog 0.4.9
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.
network
sphpblog CWE-352
4.3
2007-10-12 CVE-2007-5384 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003.
network
alcatel bt CWE-352
4.3
2007-10-06 CVE-2007-5259 Cross-Site Request Forgery (CSRF) vulnerability in Ilient SysAid 4.5.03/4.5.04
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password.
network
ilient CWE-352
4.3
2007-10-06 CVE-2007-5251 Cross-Site Request Forgery (CSRF) vulnerability in Webhost Automation Helm Web Hosting Control Panel 3.2.16
Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.
4.3