439 matches found
CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...
Flash Player Multiple Vulnerabilities (APSB07-12)
According to its version number, the instance of Flash Player on the remote Windows host could allow for arbitrary code execution by means of a malicious SWF file. In addition, it may also fail to sufficiently validate the HTTP Referer header, which may aid in cross-site request forgery attacks...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field...
CVE-2007-3288
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field...
WordPress Automattic Stats Plugin <= 1.0 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the HTTP Referer field. Solution Update the plugin...
CVE-2006-7125
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics...
CVE-2006-7125
The CVE-2006-7125 entry describes a Cross-site Scripting (XSS) vulnerability in Joomla BSQ Sitestats versions 1.8.0 and 2.2.1. The issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly sanitized when an administrator views site sta...
CVE-2006-7020
CRLF injection vulnerability in (1) include/incact/actformmailer.php and possibly (2) sampleextphp/mailfileform.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTPREFERER)...
CVE-2007-0760
CVE-2007-0760 affects EQdkp versions 1.3.1 and earlier. The vulnerability stems from authenticating administrative requests by checking the HTTP Referer for an admin/ URL, which enables remote attackers to read or modify account names and passwords through a spoofed Referer. The provided document...
[Full-disclosure] CounterChaos <= 0.48c SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: CounterChaos <= 0.48c SQL Injection Vulnerability Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel tamriel at gmx dot net Application: CounterChaos <= 0.48c Risk: Moderate Vendor Status: not contacted Vendor Site:...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2006-2795
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field...
CVE-2006-2634
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field...
Session fixation
Adobe Document Server for Reader Extensions 6.0 includes a user's session jsession ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session...
CVE-2006-1787
Adobe Document Server for Reader Extensions 6.0 includes a user's session jsession ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session...