797 matches found
CVE-2018-18244
The CVE-2018-18244 entry corresponds to a cross-site scripting vulnerability in VIVOTEK Network Camera Series. The affected component is the syslog.html page, exploitable on firmware versions 0x06x to 0x08x. An attacker can remotely inject and execute arbitrary JavaScript in the context of a user...
Information Disclosure
kibana is vulnerable to information disclosure. An improperly initialized kibana login screen causes user-entered credentials to be shown in the URL bar and allows untrusted parties to obtain the user's credentials via access logs or through the Referer header when the user browses to another...
CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
UBUNTU-CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
DEBIAN-CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
CVE-2018-18655
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...
CVE-2018-18655
CVE-2018-18655 affects Prayer through 1.3.5, a web mail server. The issue is caused by header.t lacking a no-referrer setting, causing a Referer header to leak a user’s username when the user clicks a link in an email. Connected sources confirm the same description across multiple advisories (Evi...
CVE-2015-9273
CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...
CVE-2018-15700
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...
CVE-2018-17130
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...
Design/Logic Flaw
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...
CVE-2018-17130
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2018-19539)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind version 5.5. A remote attacker can exploit this vulnerability to obtain an administrator cookie and perform other actions with the help of th...
CVE-2018-14398
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials...
CVE-2018-14398
The CVE-2018-14398 entry affects Creme CRM 1.6.12: the cancel button’s value is sourced from the HTTP Referer header, enabling potential redirection to a fraudulent login page to steal credentials. Affected component: web UI logic handling cancel navigation; root cause: using Referer content in U...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the detection of CSRFTOKEN when it does not exist, and the program...
CVE-2018-16314
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
Crlf injection
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...