439 matches found
CVE-2015-3272
CVE-2015-3272 describes an open redirect vulnerability in Moodle’s lib/moodlelib.php: the clean_param function can be abused to redirect users to arbitrary sites via an HTTP Referer header that matches a local URL substring. Affected Moodle versions are up to 2.6.11, and 2.7.x before 2.7.9, 2.8.x...
CVE-2015-3272
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...
WordPress Music Store 1.0.14 Open Redirect
Title: Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Submitter: Nitin Venkatesh Product: Music Store Wordpress Plugin Product URL: https://wordpress.org/plugins/music-store/ Vulnerability Type: URL Redirection to Untrusted Site 'Open Redirect' CWE-601 Affected Versions:...
CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer...
CVE-2015-2314
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed...
SQL injection
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed...
WordPress WPML Plugin <= 3.1.8 - SQL Injection #2
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "lang" parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. Related records:...
EUVD-2015-1203
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...
AdaptCMS 3.0.3 HTTP Referer Header Open Redirect
AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only...
CVE-2014-9453
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...
CVE-2014-9453
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...
WordPress Simple Visitor Stat Cross Site Scripting
Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/simple-visitor-stat/ Description:...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers Advisory ID: cisco-sa-20141105-rv Revision 1.0 For Public Release 2014 November 5 16:00 UTC (GMT)...
Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: Cisco RV Series Routers Command Injection Vulnerability Cisco RV Series Routers HT...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to...
CVE-2014-8071
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8380
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8380
CVE-2014-8380 is an XSS vulnerability in Splunk 6.1.1 where the Referer header in a 404 response is not properly sanitized, enabling remote attackers to inject arbitrary script/HTML in the victim’s browser. Multiple connected sources (OpenVAS, Tenable, CVE listings) corroborate this as a Refe...
CVE-2014-8301
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...