797 matches found
CVE-2016-3045
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history...
Information disclosure
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history...
Serendipity Open Redirect Vulnerability
Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An open redirection vulnerability exists in comment.php in Serendipity in versions 2.0.5 and earlier, which allows remote attackers to redirect...
Phire CMS 2.0.0 Cross Site Scripting
Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...
Wolf CMS Stored Cross-Site Scripting Vulnerability
Wolf CMS is a PHP-based open source content management system (CMS) developed by the Wolf CMS team. The system provides user interface, templates, user management, rights management and other functions. A stored cross-site scripting vulnerability exists in Wolf CMS version 0.8, which stems fr...
OLX: [Critical] Delete any account
Hi guys, I found a vulnerable endpoint that can delete any logged-in user. The vulnerable URL is olx.com/myaccount/delete/ with only one parameter called removehash POST /account/register/ HTTP/1.1 Host: olx.com.eg User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.7; rv:47.0 Gecko/20100101...
WordPress Count per Day 3.5.4 Plugin - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated attacker and allows an...
WordPress Count Per Day 3.5.4 Persistent Cross Site Scripting
------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin ------------------------------------------------------------------------ Julien Rentrop, July 2016...
WordPress Live Chat Support 6.2.00 Cross Site Scripting
------------------------------------------------------------------------ Persistent Cross-Site Scripting in WP Live Chat Support plugin ------------------------------------------------------------------------ Han Sahin, July 2016...
The vulnerability of the Zyxel ZLD operating system allows a remote attacker to execute arbitrary code on the web server.
Exploiting a vulnerability in the operating system of the Zyxel ZyWALL USG 300 network firewall/switch allows a malicious actor to inject any desired web script through the Referer header. The flaw results from improper handling of the “404” error page, thereby compromising the integrity of data process...
DEBIAN-CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
UBUNTU-CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
The vulnerability of the Moodle learning management system allows a perpetrator to gain access to protected information.
The vulnerability of the Moodle learning management system is related to deficiencies in restricting access to certain links. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information by reading the Referer header...
Jinchuang educational administration system (金窗教务系统): GET-based injection requiring a Referer header in 3 places, including /web/web/lanmu/lanmushow.asp
No description provided by source...
MGASA-2016-0122 Updated moodle packages fix security vulnerability
In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list (CVE-2016-2151). In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...
UBUNTU-CVE-2015-3272
Open redirect vulnerability in the cleanparam function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...