Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-16 | CVE-2009-0055 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Ironport Encryption Appliance and Ironport Postx Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. | 6.8 |
2009-01-09 | CVE-2009-0112 | Cross-Site Request Forgery (CSRF) vulnerability in Expinion Poll PRO 3.0 Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | 6.8 |
2008-12-30 | CVE-2008-5758 | Cross-Site Request Forgery (CSRF) vulnerability in PHParanoid 0.1/0.2/0.3 Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | 6.8 |
2008-12-19 | CVE-2008-5252 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors. | 5.8 |
2008-12-19 | CVE-2008-5672 | Cross-Site Request Forgery (CSRF) vulnerability in PHParanoid 0.1/0.2 Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages. | 6.8 |
2008-12-17 | CVE-2008-5621 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. | 6.0 |
2008-12-15 | CVE-2008-5568 | Cross-Site Request Forgery (CSRF) vulnerability in Ipn-Mate IPN PRO 3 Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | 6.8 |
2008-12-15 | CVE-2008-5567 | Cross-Site Request Forgery (CSRF) vulnerability in Bonzacart Bonza Cart Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | 6.8 |
2008-12-15 | CVE-2008-5565 | Cross-Site Request Forgery (CSRF) vulnerability in Dinkumsoft DL Paycart 1.01 Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | 6.8 |
2008-12-09 | CVE-2008-5382 | Cross-Site Request Forgery (CSRF) vulnerability in I-O Data products Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. | 6.8 |