CVE-2014-4687
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to...
SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field of an HTTP request as a path when...
Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resource. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...
Splunk '/en-US/app/' Referer Header XSS
The version of Splunk hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'Referer' HTTP header. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be...
Allegro RomPager < 4.51 HTTP Referer Header XSS Vulnerability
Allegro RomPager is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-6786
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...
CVE-2013-6786
CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...
PT-2014-3201 · D Link +5 · D-Link Dsl-2641R +6
Name of the Vulnerable Software and Affected Versions: Allegro RomPager versions prior to 4.51; ZyXEL P660HW-D1 (affected versions not specified); Huawei MT882 (affected versions not specified); Sitecom WL-174 (affected versions not specified); TP-LINK TD-8816 (affected versions not specified); D-Link DSL-264...
FlashCanvas 1.5 proxy.php XSS Vulnerability
Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...
CVE-2013-7277
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keywordlist parameter to keysearch.php...
RomPager HTTP Referer Header XSS
The remote RomPager HTTP server is affected by a cross-site scripting vulnerability. The server does not properly sanitize the referer header value when generating a 404 error page. (C) Tenable Network Security, Inc.
Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Advisory: XMLHttpRequest HTTP Referer Header Faking
Author: Liad Mizrachi
Vendor URL: http://www.chromium.org/
Vulnerability Status: Fixed
Application Version: Google Chrome v25.0.1364.152
========================== Vulnerability Description ==========================
Chromium is the open source...
CVE-2013-3499
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...
CVE-2013-0708
Cross-site scripting (XSS) vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2013-0709
Cross-site scripting (XSS) vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2013-0709
CVE-2013-0709 concerns a cross-site scripting (XSS) vulnerability in the dopvSTAR* 0091 product. The issue arises from how the HTTP Referer header is handled during display of the access log, allowing remote attackers to inject arbitrary web script or HTML. The connected JVN entries confirm the a...
CVE-2013-0708
CVE-2013-0708 concerns a cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b, where an attacker can inject arbitrary scripts via the HTTP Referer header during display of the access log. The vulnerability could allow a user’s browser to execute injected code, as indicated by multiple sou...
CORS requests can omit the preflight request – Opera Security Advisories
Cross-Origin Resource Sharing (CORS) requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...