Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.
Max CVSS
4.3
EPSS Score
0.96%
Published
2007-07-30
Updated
2017-07-29
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
Max CVSS
7.6
EPSS Score
1.92%
Published
2007-07-26
Updated
2017-07-29
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.74%
Published
2007-07-17
Updated
2018-10-15
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
Max CVSS
7.5
EPSS Score
1.86%
Published
2007-07-15
Updated
2018-10-15
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
Max CVSS
9.3
EPSS Score
2.25%
Published
2007-07-15
Updated
2024-03-21
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
Max CVSS
9.3
EPSS Score
0.95%
Published
2007-07-15
Updated
2018-10-15
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
Max CVSS
2.6
EPSS Score
1.09%
Published
2007-07-11
Updated
2017-07-29
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
Max CVSS
4.3
EPSS Score
0.41%
Published
2007-07-11
Updated
2017-07-29
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!