439 matches found
Session fixation
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...
CVE-2010-5080
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...
CVE-2010-5080
SilverStripe’s changepassword action (2.3.x before 2.3.10; 2.4.x before 2.4.4) passes a token via GET when changing a password, enabling HTTP referer leakage that can expose session data. Remote attackers could hijack sessions by inspecting referer logs on the server. Affected versions and exact ...
CVE-2012-3848
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
ZB Block Cross Site Scripting
-------------------------------------------------------------------------------------------------------------------- Vulnerable Software: // ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK // VERSION 0.4.9 Final "Jaguar" 0.4.9Final Developed by HTTP://WWW.SPAMBOTSECURITY.COM...
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
WebsiteBaker 2.8.2 Cross Site Scripting
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
AllWebMenus WordPress Menu Plugin Arbitrary file upload
No description provided by source. Exploit Title: AllWebMenus WordPress Menu Plugin Arbitrary file upload Version: 1.1.9 Date: 2012-01-19 Author: 6Scan http://6scan.com security team Software Link: http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/ Official fix: This advisory ...
Netvolution referer header SQL injection vulnerability
Netvolution CMS v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords an...
Netvolution CMS 2.5.8 Blind SQL Injection
Netvolution CMS v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords an...
CVE-2011-1062
Multiple cross-site scripting XSS vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 sContext, 2 sort, 3 dir, and 4 show parameters in a save action to index.php; the 5 dir and 6 show parameters to printlist.php;...
Icy Phoenix 1.3.0.53a Cross Site Scripting
Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy Phoenix 1.3.0.53a Tested on:FF 3.0.15, IE 8 Vendor Response:...
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy...
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting
Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy Phoenix 1.3.0.53a Tested on:FF 3.0.15, IE 8 Vendor Response:...
LifeType 1.2.10 HTTP Referer stored XSS
Exploit for php platform in category web applications Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results...
Lifetype 1.2.10 HTTP Referer Cross Site Scripting
Exploit Title: lifetype 1.2.10 http referer XSSstored Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site scripting attack against admins...
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.ph...
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site scripting attack against admins or an...
www.eVuln.com : HTTP Response Splitting in Social Share
www.eVuln.com advisory: HTTP Response Splitting in Social Share Summary: http://evuln.com/vulns/168/summary.html Details: http://evuln.com/vulns/168/description.html -----------Summary----------- eVuln ID: EV0168 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Type: HTT...