797 matches found
http-vuln-cve2013-6786 NSE Script
Detects a URL redirection and reflected XSS vulnerability in Allegro RomPager Web server. The vulnerability has been assigned CVE-2013-6786. The check is general enough (script tag injection via Referer header) that some other software may be vulnerable in the same way. See also:...
HTTP GET Request Invalid 'Referer' Header Detection
Binary data 8998.prm...
Flox: Content spoofing through Referer header
I found content spoofing/text injection through the Referer header. Steps to reproduce: whenever you come to this page https://flox.io/404/ you'll see an error message like 404: Baaah! Nothing existed there, so now you’re here. You appear to be a traveller from a distant land. From googling I found a...
UBUNTU-CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer...
WordPress WPML plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. WPML is one of its multi-language plug-ins. A SQL injection vulnerability exists in versions of the WordPress WPML...
CVE-2015-2314
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed...
SQL injection
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed...
EUVD-2015-1203
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...
WordPress plugin Simple visitor stat has multiple cross-site scripting vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. The Simple visitor stat plugin for WordPress is a visitor statistics plugin. The Simple visitor stat plugin for WordPre...
AdaptCMS 'Referer' Header Field HTTP Open Redirect Vulnerability
AdaptCMS is a content management system. An open redirection vulnerability exists in AdaptCMS, which can be exploited by an attacker to construct a specially crafted URI and trick users into unknowingly being redirected to an attacker-controlled website...
vBulletin Moderator Control Panel 4.2.2 CSRF
Exploit Title: vBulletin Moderator Control Panel CSRF Google Dork: "Powered by vBulletin® Version 4.2.2" Date: 16-12-2014 Exploit Author: Tomescu Daniel http://daniel-tomescu.com https://rstforums.com/forum Vendor Homepage: http://www.vbulletin.com/en/vb4-features/ Software Link: Premium Version:...
WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS
On the "Statistics Visitors" screen the referer link is not filtered. Malicious JavaScript can be injected by an unauthenticated user. This simple cURL command with a custom referer header makes it possible: curl -H 'Referer: javascript:alert(location.href);' 'http://wp.dev'...
Wordfence 5.2.2 - XSS in Referer Header
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by an XSS in Referer Header security vulnerability...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
Advisory ID: cisco-sa-20141105-rv. Revision 1.0. For Public Release 2014 November 5 16:00 UTC (GMT)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to...
CVE-2014-8071
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to...
CVE-2014-8380
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...