797 matches found
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wppostratingsclearfastestcache and rmfolderrecursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wppostratingsclearfastestcache and rmfolderrecursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
Cross site scripting
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter...
Design/Logic Flaw
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter...
WordPress WP Statistics Plugin < 12.6.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.142359";...
CVE-2019-10864
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request...
CVE-2019-10864
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request...
Cross site request forgery (csrf)
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request...
Hiro: Blockstack Browser For Mac leaks "Core API Password" to 3rd parties
Hi Blockstack! 😃 I noticed that BlockStack Browser for Mac version is leaking the CoreAPIPassword via Referer Header to several websites: appco.imgix.net a third party site! F471236 api.app.co seems to have some blockstack affiliation? F471235 browser-api.blockstack.org F471237 Steps to Reproduce...
Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com
summary: your current version of WordPress is available to multiple attacks check INFO.php available attacks: - Unauthenticated Arbitrary File Deletion - lib/IPTraf.php User-Agent Header Stored XSS - Password Creation Restriction Bypass - wp-admin/admin.php whois Parameter Stored XSS - XSS & IAA ...
Technicolor MediaAccess TG789vac v2 HP Device Cross-Site Scripting Vulnerability
Technicolor MediaAccess TG789vac v2 HP is a gateway device from the French Technicolor group. A cross-site scripting vulnerability exists in the admin web interface of Technicolor MediaAccess TG789vac v2 HP devices with firmware version 16.3.7190-2761005-20161004084353, which can be exploited by...
CVE-2018-8827
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
CVE-2018-8827
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
Cross site scripting
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
CVE-2018-18244
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...
Cross site scripting
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...
CVE-2018-18244
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...