797 matches found
CVE-2020-35124
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...
Cross-site scripting
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...
Mautic cross-site scripting vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. Mautic 3.2.4 suffers from a cross-site scripting vulnerability that allows remote attackers to inject executable JavaScript via the Referer header of an...
zzcms cross-site scripting vulnerability (CNVD-2020-73162)
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in the user login page of zzcms 2019. An attacker can exploit this vulnerability by injecting js code via user/login.php via the referer header...
CVE-2020-20285
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php...
ZZCMS cross-site scripting vulnerability
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in the user login page of zzcms 2019. An attacker can exploit this vulnerability by injecting js code via user/login.php via the referer header...
U.S. Dept Of Defense: [████] SQL Injections on Referer Header exploitable via Time-Based method
Summary: SQL Injections on Referer Header exploitable via Time-Based method Description: https://owasp.org/www-community/attacks/SQLInjection Impact https://owasp.org/www-community/attacks/SQLInjection Step-by-step Reproduction Instructions First, vulnerable points:...
U.S. Dept Of Defense: [SQLI] Time Based Injection at ██████████ via referer header
Hi, the ████ was vulnerable to time based injection via referer header. Steps: 1- copy the request to your Burp Suite: GET /DNCdb.php?alert= HTTP/1.1 Host: ███████ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0 Accept:...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CS Money: Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
Description Hello there, on new.cs.money or cs.money, there is an anti-CSRF mechanism, which is a Referer header check. However, I discovered that the regex logic for checking the Referer header is flawed. I found that adding or at the end of the domain passes the validation. Therefore, if a request comes from...
CVE-2020-7932
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
PYSEC-2020-244
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
Path traversal
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsweeper WebAdmin unixlogin.php Python Code Injection', 'Description' = %q This module exploits a Python code injection in the Netsweeper...
Rockstar Games: Referer Header Leakage in language changer may lead to FB token theft
In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at https://www.rockstargames.com/GTAOnline, causing the user's full URL (potentially including sensitive tokens) to be included in the Referer header sent to the new...