CVE & Exploit Intelligence Database

CVE-2006-6701 EPSS 0.01

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.

CWE-352 Dec 23, 2006

CVE-2006-5175 EPSS 0.00

Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.

CWE-352 Oct 10, 2006

CVE-2005-3348 EPSS 0.02

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

CWE-352 Nov 18, 2005

CVE-2005-2059 6.5 MEDIUM EPSS 0.00

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

CWE-352 Jun 29, 2005

CVE-2005-1947 4.3 MEDIUM EPSS 0.01

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

CWE-352 Jun 09, 2005

CVE-2005-1674 6.5 MEDIUM 1 PoC Analysis EPSS 0.01

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-352 May 19, 2005

CVE-2004-1842 8.8 HIGH 1 PoC Analysis EPSS 0.01

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.

CWE-352 Dec 31, 2004

CVE-2004-1995 6.5 MEDIUM 1 PoC Analysis EPSS 0.05

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-352 Dec 31, 2004

CVE-2004-1703 8.8 HIGH 1 PoC Analysis EPSS 0.01

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

CWE-352 Jul 30, 2004

CVE-2004-1967 8.8 HIGH EPSS 0.01

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.

CWE-352 Apr 25, 2004

CVE-2002-2426 EPSS 0.00

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

CWE-352 Dec 31, 2002