Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-09-21 | CVE-2007-5032 | Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke | Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | 5.1 |
2007-09-18 | CVE-2007-4930 | Cross-Site Request Forgery (CSRF) vulnerability in Axis 207W Network Camera | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml. | 4.3 |
2007-09-14 | CVE-2007-4893 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress | wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | 4.3 |
2007-09-11 | CVE-2007-4822 | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Airstation Whr-G54S 1.20 | Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | 4.3 |
2007-09-05 | CVE-2007-4724 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Tomcat 4.1.31 | Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. | 4.3 |
2007-08-27 | CVE-2007-4544 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress MU | Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | 4.3 |
2007-08-27 | CVE-2007-4541 | Cross-Site Request Forgery (CSRF) vulnerability in Olate Olatedownload 3.4.2 | Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php. | 4.3 |
2007-07-11 | CVE-2007-3457 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player | Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | 4.3 |
2007-06-26 | CVE-2007-3416 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators. | 5.0 |
2007-05-11 | CVE-2007-2589 | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail | Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 5.0 |