797 matches found
CVE-2010-0660
Removed by vendor...
CVE-2009-3444
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action...
CVE-2009-3444
The CVE-2009-3444 entry concerns the e107 web platform (versions 0.7.16 and earlier) with a Cross-Site Scripting (XSS) vulnerability in email.php triggered via the HTTP Referer header in the news.1 (news to email) action. Affected component: e107 (email.php within news-to-email flow). Root cause:...
e107 0.7.16 - Referer header Cross-Site Scripting
e107 0.7.16 - Referer header Cross-Site Scripting Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via...
Cross-Site Scripting vulnerability in E107
Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in E107. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash. Referer: 'scriptalertdocument.cookie/script...
E107 Referer Cross Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash...
e107 0.7.16 - Referer header Cross-Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash...
CVE-2009-2797
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server...
Apple iOS 3.x < 3.1 Multiple Vulnerabilities
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...
Code injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
Claroline 'notfound.php' Cross-Site Scripting Vulnerability
The host is running Claroline and is prone to SQL Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbclarolinexssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Claroline 'notfound.php' Cross-Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2009 Greenbone Networks Gmb...
CVE-2009-1907
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
SQL injection
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
PHP-Nuke 8.0 SQL Injection
PHP Nuke v.8.0 referer SQL Injection Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html Date: May 14, 2009 Package: PHP-Nuke Product homepage: http://phpnuke.org/ Versions Affected: v.8.0 Other versions may also be affected...
Claroline 1.8.11 Cross Site Scripting
Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
PT-2009-3647 · Pixie · Pixie Cms
Name of the Vulnerable Software and Affected Versions: Pixie CMS version 1.01a Description: The issue allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request, specifically in the referral function in admin/lib/lib logs.php. Recommendations: For Pixie CMS...