Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-10 | CVE-2008-1260 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-2602HW-D1A: Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | 4.3 |
2008-03-10 | CVE-2008-1254 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660HW: Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | 6.8 |
2008-03-10 | CVE-2008-1250 | Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence. | 9.3 |
2008-03-10 | CVE-2008-1248 | Cross-Site Request Forgery (CSRF) vulnerability in Snom 320 SIP Phone: The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. | 5.8 |
2008-03-06 | CVE-2008-1172 | Cross-Site Request Forgery (CSRF) vulnerability in TorrentTrader and TorrentTrader Classic: Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. | 4.3 |
2008-03-04 | CVE-2008-1149 | Cross-Site Request Forgery (CSRF) vulnerability in phpMyAdmin: phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | 5.1 |
2008-02-19 | CVE-2008-0556 | Cross-Site Request Forgery (CSRF) vulnerability in OpenCA PKI: Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer. | 7.5 |
2008-02-15 | CVE-2008-0788 | Cross-Site Request Forgery (CSRF) vulnerability in MyBB: Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. | 6.8 |
2008-02-05 | CVE-2008-0575 | Cross-Site Request Forgery (CSRF) vulnerability in webSPELL 4.01.02: Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action. | 4.3 |
2008-02-05 | CVE-2008-0571 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Userpoints Module 4.7/5.0: The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. | 4.3 |