Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-11-21 | CVE-2008-5189 | Cross-Site Request Forgery (CSRF) vulnerability in Rubyonrails Rails and Ruby ON Rails | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | 5.0 |
2008-11-18 | CVE-2008-5115 | Cross-Site Request Forgery (CSRF) vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 | Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. | 6.8 |
2008-11-17 | CVE-2008-5113 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress 2.6.3 | WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). | 4.0 |
2008-11-04 | CVE-2008-4899 | Cross-Site Request Forgery (CSRF) vulnerability in Planetluc Rateme 1.3.3 | Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | 6.8 |
2008-11-03 | CVE-2008-3868 | Cross-Site Request Forgery (CSRF) vulnerability in Cce-Interact Interact 2.4.1 | Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | 6.8 |
2008-10-24 | CVE-2008-4734 | Cross-Site Request Forgery (CSRF) vulnerability in Pressography WP Comment Remix Plugin 1.4 | Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter. | 7.5 |
2008-10-06 | CVE-2008-4448 | Cross-Site Request Forgery (CSRF) vulnerability in Positive Software H-Sphere 4.3.10 | Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | 6.8 |
2008-09-25 | CVE-2008-4247 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 7.5 |
2008-09-25 | CVE-2008-4242 | Cross-Site Request Forgery (CSRF) vulnerability in Proftpd Project Proftpd 1.3.1 | ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. | 6.8 |
2008-09-05 | CVE-2008-3938 | Cross-Site Request Forgery (CSRF) vulnerability in Opendb 1.0.6 | Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | 5.8 |