Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-25 | CVE-2008-3325 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | 6.0 |
| 2008-07-22 | CVE-2008-3262 | Cross-Site Request Forgery (CSRF) vulnerability in Claroline Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password. | 5.8 |
| 2008-07-18 | CVE-2008-3221 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. | 4.3 |
| 2008-07-18 | CVE-2008-3220 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | 4.3 |
| 2008-07-16 | CVE-2008-3197 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | 3.5 |
| 2008-07-09 | CVE-2008-3080 | Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6 Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. | 5.1 |
| 2008-06-09 | CVE-2008-1106 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | 7.1 |
| 2008-06-03 | CVE-2008-2531 | Cross-Site Request Forgery (CSRF) vulnerability in Buildanichestore3 Bans 3.0 Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
| 2008-05-16 | CVE-2008-2276 | Cross-Site Request Forgery (CSRF) vulnerability in Matisbt Mantis 1.1.1 Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. | 6.8 |
| 2008-05-12 | CVE-2008-2140 | Cross-Site Request Forgery (CSRF) vulnerability in Rpath Appliance Platform Agent 2/3 Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL. | 2.6 |