Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-01 | CVE-2008-2043 | Cross-Site Request Forgery (CSRF) vulnerability in Cpanel 11.18.3/11.19.3 Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. | 4.3 |
2008-04-28 | CVE-2008-2002 | Cross-Site Request Forgery (CSRF) vulnerability in Motorola Surfboard Sb5100 Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html. | 7.8 |
2008-04-27 | CVE-2008-1981 | Cross-Site Request Forgery (CSRF) vulnerability in E-Publish Project E-Publish 5.X1.0/5.X1.X/6.X1.X Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | 6.8 |
2008-04-27 | CVE-2008-1977 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | 4.3 |
2008-04-21 | CVE-2008-0165 | Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | 4.3 |
2008-04-10 | CVE-2008-1719 | Cross-Site Request Forgery (CSRF) vulnerability in Truzone Nuke ET 3.2/3.4 Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | 6.8 |
2008-04-02 | CVE-2008-1654 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | 4.3 |
2008-03-20 | CVE-2008-0164 | Cross-Site Request Forgery (CSRF) vulnerability in Plone CMS 3.0.5/3.0.6 Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. | 4.3 |
2008-03-13 | CVE-2007-6708 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | 4.3 |
2008-03-13 | CVE-2008-1323 | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board Lite 2.0 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. | 6.8 |