Security Vulnerabilities, CVEs, Published In February 2007 (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
Max CVSS
9.3
EPSS Score
1.10%
Published
2007-02-13
Updated
2018-10-16
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
Max CVSS
5.1
EPSS Score
1.92%
Published
2007-02-15
Updated
2018-10-16
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Max CVSS
6.8
EPSS Score
28.56%
Published
2007-02-07
Updated
2018-10-16
3 vulnerabilities found