439 matches found
CVE-2010-2429
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response...
CVE-2010-2429
CVE-2010-2429 affects Splunk Web 4.0–4.1.2, where an XSS exists in how the HTTP Referer is reflected in 404 Not Found responses (notably when used in Internet Explorer). The root cause is improper sanitization of the Referer header, allowing remote attackers to inject arbitrary script/HTML into a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/adminconfig.php, (2) admin/adminmodules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submitgroups.php, (7)...
CVE-2009-4788
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the return parameter to pligg/login.php and (2) the HTTP Referer header to usersettings.php...
CVE-2009-4786
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/adminconfig.php, (2) admin/adminmodules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submitgroups.php, (7)...
Abo CMS <= 5.4 remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Abo CMS <= 5.4 remote SQL Injection Vulnerabilities. Author: Vladimir Vorontsov, OnSec Russian Security Group. In the popular content...
CVE-2010-0660
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging...
Limny v2.0 Change Email and Password CSRF Exploit
Exploit for unknown platform in category web applications. Limny v2.0 Change Email and Password CSRF Exploit. Limny 2.0 Change Pass CSRF. Discovered By: Luis...
Limny 2.0 - Cross-Site Request Forgery (Create Admin User)
Limny 2.0 - Cross-Site Request Forgery (Create Admin User). Limny 2.0 CSRF. Discovered By: Luis Santana. Overview: The Limny 2.0 CMS is vulnerable to a Cross-Site Request Forgery exploit which allows for a malicious attacker to create their own...
Limny 2.0 - Cross-Site Request Forgery (Change Email and Password)
Limny 2.0 Change Pass CSRF. Discovered By: Luis Santana. Overview: The Limny 2.0 CMS is vulnerable to a Cross-Site Request Forgery exploit which allows for a malicious attacker to change the password, and email address, of any user, including...
Limny v2.0 Create Admin User CSRF Exploit
Exploit for unknown platform in category web applications. Limny v2.0 Create Admin User CSRF Exploit. Limny 2.0 CSRF. Discovered By: Luis Santana. Overview: The...
Seven jubilee dance music management system v3.0 0day analysis - vulnerability warning - the black bar safety net
<!--#Include File="CmsDj.Conn.asp"--> <!--#Include File="CmsDj.Function.asp"--> <% Fromurl = Cstr(Request.ServerVariables("HTTP_REFERER")) Servurl = Cstr(Request.ServerVariables("SERVER_NAME")) If mid(Fromurl,8,len(Servurl)) <> Servurl Then //determine the REFERER Response.Write "does not support external links...
CVE-2009-3444
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action...
CVE-2009-3444
The CVE-2009-3444 entry concerns the e107 web platform (versions 0.7.16 and earlier) with a Cross-Site Scripting (XSS) vulnerability in email.php triggered via the HTTP Referer header in the news.1 (news to email) action. Affected component: e107 (email.php within news-to-email flow). Root cause:...
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via uploadfiles/include.php or (2) create a new...
Cross site request forgery (csrf)
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via uploadfiles/include.php or (2) create a new...
CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
Code injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...