Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-10 | CVE-2008-0228 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wrt54Gl 4.30.9 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | 9.3 |
2008-01-04 | CVE-2007-6642 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla 1.5Rc4 Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. | 6.8 |
2007-12-20 | CVE-2007-6490 | Cross-Site Request Forgery (CSRF) vulnerability in Falcon Series ONE CMS 1.4.3 Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | 4.3 |
2007-12-17 | CVE-2007-6410 | Cross-Site Request Forgery (CSRF) vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol. | 4.3 |
2007-12-17 | CVE-2007-6390 | Cross-Site Request Forgery (CSRF) vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. | 4.3 |
2007-12-12 | CVE-2007-6320 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Feature Module 4.7.Xdev/5.Xdev Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | 4.3 |
2007-12-10 | CVE-2007-6300 | Cross-Site Request Forgery (CSRF) vulnerability in Fusion News Fusion News 3.9.0 Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | 5.0 |
2007-11-22 | CVE-2007-6087 | Cross-Site Request Forgery (CSRF) vulnerability in Vigilecms 1.4 Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. | 6.8 |
2007-11-10 | CVE-2007-5918 | Cross-Site Request Forgery (CSRF) vulnerability in MS Topsites MS Topsites Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php. | 6.0 |
2007-11-10 | CVE-2007-5917 | Cross-Site Request Forgery (CSRF) vulnerability in Skalinks 1.5 Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | 6.8 |