Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-05 | CVE-2008-0563 | Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal 4.3.6 Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | 4.3 |
2008-02-05 | CVE-2008-0182 | Cross-Site Request Forgery (CSRF) vulnerability in Liferay Enterprise Portal Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | 4.3 |
2008-01-31 | CVE-2008-0524 | Cross-Site Request Forgery (CSRF) vulnerability in Yamaha products Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. | 7.5 |
2008-01-31 | CVE-2008-0508 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Permalinks Migration Plugin 1.0 Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. | 6.8 |
2008-01-29 | CVE-2008-0472 | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 2.3.6Pl2 Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action. | 4.3 |
2008-01-29 | CVE-2008-0471 | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 2.0.22 Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. | 4.3 |
2008-01-17 | CVE-2008-0336 | Cross-Site Request Forgery (CSRF) vulnerability in Bugtracker.Net Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. | 4.3 |
2008-01-15 | CVE-2008-0272 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | 4.3 |
2008-01-15 | CVE-2008-0271 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Bueditor The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | 4.3 |
2008-01-15 | CVE-2008-0266 | Cross-Site Request Forgery (CSRF) vulnerability in Eticket 1.5.5.2 Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. | 2.6 |