Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-27 | CVE-2007-4541 | Cross-Site Request Forgery (CSRF) vulnerability in Olate Olatedownload 3.4.2 Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php. | 4.3 |
| 2007-07-11 | CVE-2007-3457 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | 4.3 |
| 2007-06-26 | CVE-2007-3416 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators. | 5.0 |
| 2007-05-11 | CVE-2007-2589 | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 5.0 |
| 2007-03-16 | CVE-2007-1489 | Cross-Site Request Forgery (CSRF) vulnerability in Web-App.Org Webapp 0.9.9.4/0.9.9.5/0.9.9.6 Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | 6.8 |
| 2007-03-05 | CVE-2007-1276 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | 4.3 |
| 2007-03-02 | CVE-2007-1157 | Cross-Site Request Forgery (CSRF) vulnerability in Jboss Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | 7.6 |
| 2007-01-03 | CVE-2007-0044 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | 4.3 |
| 2006-12-26 | CVE-2006-6741 | Cross-Site Request Forgery (CSRF) vulnerability in Mkportal 1.1 Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | 5.8 |
| 2006-12-23 | CVE-2006-6701 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail Webmail 3.0/4.0/4.51 Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | 7.5 |