CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The CVE-2017-14195 entry describes an XSS vulnerability in dayrui FineCms 5.0.11, specifically in the call_msg function of controllers/Form.php. The issue is triggered by the Referer HTTP header (noted for Internet Explorer) and is described across multiple sources as cross-site scripting, with p...
CVE-2017-14194
The CVE-2017-14194 entry concerns dayrui FineCms version 5.0.11, where the out function in controllers/member/Login.php is reported to have an XSS vulnerability related to the Referer HTTP header in Internet Explorer. Multiple connected records (NVD, Red Hat, CNVD, CVE list mirrors, and regional ...
CVE-2017-14193
The CVE-2017-14193 entry concerns dayrui FineCms 5.0.11, where the oauth function in controllers/member/api.php is vulnerable to cross-site scripting via the Referer HTTP header when accessed from Internet Explorer. This is the explicit vulnerable component and vector described in the connected d...
MGASA-2017-0325 Updated rt/perl-Encode packages fix security vulnerability
RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket (CVE-2012-4733). RT 3.8.0 and above include a version of bin/rt th...
CVE-2017-14037
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability...
CVE-2017-14037
CVE-2017-14037 affects CrushFTP before 7.8.0 and 8.x before 8.2.0, described as an HTTP header vulnerability. Public documents confirm the affected versions and nature of the issue across NVD/Red Hat/CNVD entries; exploitation details are not provided in the supplied materials. CVSS data present ...
WordPress: Clickjacking mercantile.wordpress.org
A clickjacking issue had previously been reported by "giantfire" on Aug 9th (19 days ago); the issue was fixed by "iandunn" on Aug 25th (3 days ago) and disclosed on Aug 28th. The affected URL is https://mercantile.wordpress.org/. "iandunn closed the report and changed the status to...
Heap overflow
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30...
CVE-2015-1445
CVE-2015-1445 affects the fli4l httpd component. The connected documents confirm an HTTP header injection vulnerability in the httpd package for fli4l before 3.10.1 and in version 4.0 before 2015-01-30. The CVSS metrics indicate a NETWORK-exposed issue with HIGH severity (CVSS v3.0: AV:N/AC:L/PR:...
HTTP Header Injection
vertx-core is vulnerable to HTTP header injection. The library does not validate HTTP header values, allowing attackers to inject arbitrary headers into requests. This is a different vulnerability from CVE-2018-12537; however, the fix for CVE-2018-12537 also remediates this vulnerability...
In a remote sandbox, free to soar: Adobe Flash Windows user credentials disclosure vulnerability-vulnerability warning-the black bar safety net
1. Foreword. Recently I published an article about Flash sandbox escape vulnerabilities; the outcome was that the Flash Player local security sandbox, which had survived for ten years, died a natural death. That vulnerability showed us the importance of verifying the correctness of input data. T...
CVE-2017-12650
CVE-2017-12650 affects the WordPress Loginizer plugin prior to version 1.3.6. The root cause is improper sanitization of the X-Forwarded-For HTTP header, which is forwarded to the lz_selectquery() function and can be exploited to perform a blind SQL injection via the login workflow. Impact stated...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
Open Redirect
rails is vulnerable to open redirects. The X-Forwarded-Host HTTP header is always trusted, allowing a malicious user to pass an invalid host header to redirect a user to a malicious URL...