Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-04 | CVE-2008-3925 | Cross-Site Request Forgery (CSRF) vulnerability in Hans Oesterholt Cmme 1.12 Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | 4.3 |
2008-09-04 | CVE-2008-3909 | Cross-Site Request Forgery (CSRF) vulnerability in Django Project Django 0.91/0.95/0.96 The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. | 5.8 |
2008-09-02 | CVE-2008-3885 | Cross-Site Request Forgery (CSRF) vulnerability in Blogn 1.9.3 Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. | 6.8 |
2008-08-27 | CVE-2008-3736 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations. | 6.0 |
2008-08-27 | CVE-2008-3744 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | 5.8 |
2008-08-27 | CVE-2008-3743 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | 5.8 |
2008-08-21 | CVE-2008-3760 | Cross-Site Request Forgery (CSRF) vulnerability in Lussumo Vanilla Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | 4.3 |
2008-08-21 | CVE-2008-3759 | Cross-Site Request Forgery (CSRF) vulnerability in Lussumo Vanilla Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. | 7.5 |
2008-08-19 | CVE-2008-3716 | Cross-Site Request Forgery (CSRF) vulnerability in Harmoni Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | 6.0 |
2008-07-31 | CVE-2008-3392 | Cross-Site Request Forgery (CSRF) vulnerability in Webwizguide web WIZ Forum 9.5 Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. | 5.8 |