166 matches found
SQL injection
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
openSUSE 10 Security Update : epiphany (epiphany-4870)
This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...
openSUSE 10 Security Update : seamonkey (seamonkey-4795)
This update fixed various security problems in Mozilla SeaMonkey. Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the sa...
CVE-2002-2246
Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page...
Flash Player Multiple Vulnerabilities (APSB07-12)
According to its version number, the instance of Flash Player on the remote Windows host could allow for arbitrary code execution by means of a malicious SWF file. In addition, it may also fail to sufficiently validate the HTTP Referer header, which may aid in cross-site request forgery attacks...
CVE-2006-7125
The CVE-2006-7125 entry describes a Cross-site Scripting (XSS) vulnerability in Joomla BSQ Sitestats versions 1.8.0 and 2.2.1. The issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly sanitized when an administrator views site sta...
CVE-2007-0760
CVE-2007-0760 affects EQdkp versions 1.3.1 and earlier. The vulnerability stems from authenticating administrative requests by checking the HTTP Referer for an admin/ URL, which enables remote attackers to read or modify account names and passwords through a spoofed Referer. The provided document...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2006-2795
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2005-4711
Neocrome Land Down Under (LDU) 801 is affected by CVE-2005-4711: SQL injection via input from the HTTP Referer header. The issue allows remote attackers to execute arbitrary SQL commands on the backend database. The Nessus NASL item for LDU_REFERER_SQL_INJECTION.NASL documents that input from the...
CVE-2006-0495
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)...
CVE-2006-0495
The CVE-2006-0495 entry concerns MyBB (MyBulletinBoard) 1.02. A Cross‑Site Scripting (XSS) flaw exists in the Add Thread to Favorites feature implemented in usercp2.php, exploitable via an HTTP Referer header (the $url variable). This allows remote attackers to inject arbitrary web script or HTML...
CVE-2005-4711
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2003-1186
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header...
RHEL 2.1 : kdelibs (RHSA-2003:236)
This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...
TelCondex SimpleWebserver 2.12.30210 build 3285 - HTTP Referer Remote Buffer Overflow
TelCondex SimpleWebserver 2.12.30210 build 3285 - HTTP Referer Remote Buffer Overflow source: https://www.securityfocus.com/bid/8925/info A vulnerability has been reported in SimpleWebServer that may allow a remote attacker to cause a denial of service condition or execute arbitrary code on...
CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...
Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issue
This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...