Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Access | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2007-10-05 | CVE-2007-5229 | Cross-Site Request Forgery (CSRF) vulnerability in Feedburner Feedsmith 2.2 | Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters. | network, low complexity | feedburner | CWE-352 | 6.4 |
| 2007-10-04 | CVE-2007-5213 | Cross-Site Request Forgery (CSRF) vulnerability in Axis 2100 Network Camera and 2100 Network Camera Firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | network | axis | CWE-352 | critical 9.3 |
| 2007-09-26 | CVE-2007-5109 | Cross-Site Request Forgery (CSRF) vulnerability in Flatnuke 2.6 | Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request. | network | flatnuke | CWE-352 | 4.3 |
| 2007-09-24 | CVE-2007-5060 | Cross-Site Request Forgery (CSRF) vulnerability in Xcms | Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. | network | xcms | CWE-352 | 4.3 |
| 2007-09-21 | CVE-2007-5032 | Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke | Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | network, high complexity | francisco-burzi | CWE-352 | 5.1 |
| 2007-09-18 | CVE-2007-4930 | Cross-Site Request Forgery (CSRF) vulnerability in Axis 207W Network Camera | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml. | network | axis | CWE-352 | 4.3 |
| 2007-09-14 | CVE-2007-4893 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress | wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | network | wordpress | CWE-352 | 4.3 |
| 2007-09-11 | CVE-2007-4822 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Airstation Whr-G54S 1.20 | Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | | | | 4.3 |
| 2007-09-05 | CVE-2007-4724 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Tomcat 4.1.31 | Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. | network | apache | CWE-352 | 4.3 |
| 2007-08-27 | CVE-2007-4544 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress MU | Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | network | wordpress | CWE-352 | 4.3 |