Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer
A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Legal Robot: Token leakage by referrer header & analytics
A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Cacti aggregate_graphs.php file cross-site scripting vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool collects data with snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the...
DEBIAN-CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...
Hopesys Web Management System version 1.0 /include/func.common.php referer header injection vulnerability
Hopesys website management system is an enterprise/government website management system built on LAMP. Hopesys Website Management System version 1.0 has a referer header injection vulnerability in /include/func.common.php. An attacker can use this vulnerability to obtain sensitive database...
SQL Injection Vulnerability in HTTP_REFERER on the Home Page of Uc365 Website Classifieds Navigation System
Uc365 website classification and navigation system is cross-platform open source software: an open source website classification and catalog management system built on PHP + MySQL. There is a SQL injection vulnerability in the index.php file on the home page of the...
Serendipity < 2.1.1 Multiple Vulnerabilities
According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...
ESPcms latest version has http header XSS vulnerability
ESSENCE ESPCMS is a website management system built on LAMP. An HTTP header XSS vulnerability exists in the latest version of ESPcms. An attacker triggers the cross-site scripting vulnerability by setting the Referer value to cross-site script code...
ExpressionEngine: Open redirects protection bypass
Hello, When a redirect is to be issued on an ExpressionEngine instance, a request to the following URL is made: http://HOST/PATHTOEE/index.php?URL=TARGETURL Where TARGETURL is replaced with the actual URL we desire to redirect to. The script PATHTOEEDIR/system/ee/legacy/libraries/Redirect.php is t...
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging the failure to use a CSRF token and...
CVE-2016-3403
Zimbra Collaboration Server (Admin Console) vulnerable to multiple CSRF flaws in versions before 8.6.0 Patch 8. CSRF tokens and referer header checks are not enforced, enabling remote attackers to hijack administrator sessions and perform add/modify/remove account actions (bugs 100885/100899). Re...
New Relic: CSRF For Adding Users
Issue: The API affected is https://rpm.newrelic.com/accounts/accountid/accountviews. Only admin users are allowed to add other new users, but a normal user with knowledge of the accountid can craft a webpage which does a CSRF when an admin user visits it. There are 2 problems with it that can resu...
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
NetIQ Access Manager Cross-Site Scripting Vulnerability
NetIQ Access Manager (NAM) is a resource access control solution from NetIQ, USA. The solution provides multiple authentication mechanisms, data encryption, single sign-on and SSL VPN for local and remote users. A cross-site scripting vulnerability exists in the /NAGErrors URI in NAM versions 4.2 and 4.3, whi...
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
Cross site scripting
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
CVE-2017-5191
NetIQ Access Manager (NAM) versions 4.2 and 4.3 contain a cross-site scripting (XSS) vulnerability in the /NAGErrors URI. The issue arises because the Access Gateway Error page does not validate the HTTP Referer header, enabling a remote attacker to inject arbitrary web script or HTML. No exploit...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview: The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability (CWE-79) in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...