439 matches found
CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php...
CVE-2008-6983
CVE-2008-6983 affects devalcms 1.4a: the file modules/tool/hitcounter.php allows remote code execution via the HTTP Referer header using the gv_folder_data parameter, demonstrated by modifying modules/tool/url2header.php. This indicates improper handling of user-controlled input in the vulnerable...
FreeBSD : drupal -- multiple vulnerabilities (be927298-6f97-11de-b444-001372fd0af2)
The Drupal Security Team reports: Cross-site scripting: The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages...
Default credentials
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when...
CVE-2009-2374
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when...
CVE-2009-2374
Affected software: Drupal 5.x (before 5.19) and 6.x (before 6.13). Vulnerability: information disclosure of usernames and passwords in links on pages that contain a sortable table during failed login attempts. This can leak credentials via the HTTP referer header for external sites or through the...
SQL injection
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
Next injection protection cross-site scripting request spoofing(CSRF)-vulnerability warning-the black bar safety net
Author: superhei, source: ph4nt0m.org. CSRF (Cross-site Request Forgery, cross-site request cheat) in the past year nn2always fire, however, CSRF is very difficult to completely prevent, following some of my Bypass Preventingside note CSRF tricks...... CSRF (Cross-site Request Forgery, cross-site request che...
SuSE Update for flash-player SUSE-SA:2007:046
Check for the Version of flash-player OpenVAS Vulnerability Test $Id: gbsuse2007046.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for flash-player SUSE-SA:2007:046 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is fr...
CVE-2008-5400
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers...
CVE-2008-5400
CVE-2008-5400 describes multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum up to version 1.2.1 GA, allowing remote attackers to perform admin actions (e.g., create forums, change/enable/disable accounts) via unspecified vectors, possibly related to HTTP Referer headers. Affect...
CVE-2007-2952
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attacke...
Stack overflow
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attacke...
CVE-2007-2952
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attacke...
Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery
Secunia Research 06/06/2008 - Akamai Red Swoosh Cross-Site Request Forgery Vulnerabilities - Table of Contents Affected...
CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
Cross site request forgery (csrf)
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
CVE-2008-1238
CVE-2008-1238 affects Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9. The vulnerability arises when generating the HTTP Referer header: if the URL contains Basic Authentication credentials without a username, the Referer header may not include the full URL, potentially allowing remote...