CVE-2022-27109
CVE-2022-27109 affects OrangeHRM 4.10. The issue is a Referer header injection that enables redirect vulnerabilities. The connected Red Hat/CNVD entries reiterate the same description. The documents do not provide details on affected subcomponents, exact exploit steps, scope, or a remediation pat...
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...
Orangehrm Input Validation Error Vulnerability
Orangehrm is a human resource management (HRM) system from Orangehrm USA. The system supports personnel information management, leave management, time and attendance management, recruitment management, etc. Orangehrm version 4.10 has a Referer header injection redirection vulnerability, no...
ADC 13.0 - Error : Please log on. The server met an error. Please try again or contact your administrator
Error after login to Citrix Gateway: "Please log on The server met an error. Please try again or contact your administrator" Logging in works fine internally through StoreFront server, but fails when trying to log on through Citrix Gateway. The session policy was noted to be looking for a referer...
CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php...
Adobe Experience Manager Access Control Error Vulnerability
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager in versio...
Oracle Linux 8 : curl (ELSA-2021-4511)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4511 advisory. - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946 - fix TELNET stack contents...
Adobe Experience Manager Buffer Error Vulnerability
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager in versio...
curl: Leak of authentication credentials in URL via automatic Referer
It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...
WordPress WPS Hide Login plugin <= 1.9 - Protection Bypass with Referer-Header vulnerability
Protection Bypass with Referer-Header vulnerability discovered by Daniel Ruf in WordPress WPS Hide Login plugin versions <= 1.9. Solution: Update the WordPress WPS Hide Login plugin to the latest available version, at least 1.9.1...
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
The plugin has a bug which allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php. PoC: curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...
CLSA-2021-1634922432 Fixed CVE-2021-22876 in curl
back-port urlapi from v7.75.0 used by CVE-2021-22876 - strip credentials from the auto-referer header CVE-2021-22876...
Open Redirect in firefly-iii/firefly-iii
Steps: 1. Log in to the application, navigate to the bill section, create a bill and capture the request. Web applications use different techniques to redirect users to the next page. Apps may use URL query parameters, header values, JavaScript code, or backend code. In case of this...
SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
Cross site scripting
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
CVE-2021-39250
Invision Community (IPS Community Suite/IP-Board) is affected by a stored XSS in versions prior to 4.6.5.1, which can lead to code execution. The vulnerability arises because an uploaded file can be placed inside an IFRAME within user-generated content. For exploitation, an attacker can rely on t...
Invision Community Cross-Site Scripting Vulnerability
Invision Community is software for designing and developing mobile application UIs from Invision Inc. in the United States. A cross-site scripting vulnerability exists in Invision Community that stems from the product allowing uploaded files to be placed into IFRAME elements. The vulnerability...