
797 matches found

Positive Technologies
added 2008/03/28 12:0 a.m. · 3 views

PT-2008-3103 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7
Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are...

CVSS 7.1 · AI score 5.9 · EPSS 0.51206
Exploits 0 · References 16

Prion
added 2008/03/27 10:44 a.m. · 23 views

Cross site request forgery (csrf)

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

CVSS 5 · AI score 6.9 · EPSS 0.07189
Exploits 2 · References 35 · Affected Software 2

NVD
added 2008/03/27 10:44 a.m. · 13 views

CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

CVSS 5 · AI score 6.8 · EPSS 0.07189
Exploits 2 · References 35

Positive Technologies
added 2008/03/27 12:0 a.m. · 1 views

PT-2008-2831 · Mozilla +1 · Firefox +2

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.13; SeaMonkey versions prior to 1.1.9
Description: The issue makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as some Cross-Site Request...

CVSS 9.3 · AI score 10 · EPSS 0.31817
Exploits 3 · References 48

Prion
added 2008/03/25 11:44 p.m. · 9 views

Sql injection

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...

CVSS 6.8 · AI score 9.1 · EPSS 0.00404
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2008/02/19 12:0 a.m. · 105 views

Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

The remote host is running Dokeos, an open source, e-learning and course management web application written in PHP. The version of Dokeos installed on the remote host fails to sanitize user input to the 'Referer' request header before using it in the 'main/inc/lib/events.lib.inc.php' script to...

CVSS 7.5 · AI score 5.6 · EPSS 0.01419
Exploits 0 · References 2

Tenable Nessus
added 2008/01/10 12:0 a.m. · 26 views

openSUSE 10 Security Update : epiphany (epiphany-4870)

This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...

CVSS 9.3 · AI score 8.6 · EPSS 0.13311
Exploits 1 · References 3

Tenable Nessus
added 2008/01/08 12:0 a.m. · 37 views

openSUSE 10 Security Update : seamonkey (seamonkey-4795)

This update fixed various security problems in Mozilla SeaMonkey. Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the sa...

CVSS 9.3 · AI score 8.2 · EPSS 0.13311
Exploits 1 · References 3

RedHat Linux
added 2007/12/19 4:32 p.m. · 0 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

CVSS 4.3 · AI score 5.8 · EPSS 0.01259
Exploits 1 · References 4

NVD
added 2007/11/26 11:46 p.m. · 21 views

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

CVSS 4.3 · AI score 6.5 · EPSS 0.01259
Exploits 1 · References 57

RedHat Linux
added 2007/11/26 11:4 p.m. · 1 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

CVSS 4.3 · AI score 5.8 · EPSS 0.01259
Exploits 1 · References 4

RedHat Linux
added 2007/11/26 10:53 p.m. · 1 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

CVSS 4.3 · AI score 5.8 · EPSS 0.01259
Exploits 1 · References 4

Cvelist
added 2007/10/14 8:0 p.m. · 17 views

CVE-2002-2246

Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTPREFERER) to a non-existent page, which is injected into the resulting 404 error page...

AI score 5.7 · EPSS 0.03631
Exploits 1 · References 4

Positive Technologies
added 2007/10/05 12:0 a.m. · 2 views

PT-2007-6305 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro MD-Pro version 1.0.76
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by including a specific substring in the Referer HTTP header. The Firefox ID= substring is used to inject SQ...

CVSS 7.5 · AI score 7.5 · EPSS 0.01814
Exploits 1 · References 10

Tenable Nessus
added 2007/07/11 12:0 a.m. · 41 views

Flash Player Multiple Vulnerabilities (APSB07-12)

According to its version number, the instance of Flash Player on the remote Windows host could allow for arbitrary code execution by means of a malicious SWF file. In addition, it may also fail to sufficiently validate the HTTP Referer header, which may aid in cross-site request forgery attacks...

CVSS 9.3 · AI score 6 · EPSS 0.633
Exploits 0 · References 3

Japan Vulnerability Notes
added 2007/07/11 12:0 a.m. · 33 views

JVN#72595280 Flash Player allows to send arbitrary Referer headers

Adobe Flash Player is a multimedia and application browser plugin for viewing Adobe Flash contents. Flash Player contains a vulnerability allowing to send arbitrary Referer headers. Impact As a flash file swf can send an arbitrary Referer header and Flash Player cannot properly validate Referer...

CVSS 4.3 · AI score 6.4 · EPSS 0.05135
Exploits 0

Prion
added 2007/06/15 1:30 a.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...

CVSS 4.3 · AI score 6.2 · EPSS 0.02279
Exploits 1 · References 5 · Affected Software 1

NVD
added 2007/06/15 1:30 a.m. · 12 views

CVE-2007-3243

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...

CVSS 4.3 · AI score 5.7 · EPSS 0.02279
Exploits 1 · References 5

CVE
added 2007/06/15 1:0 a.m. · 38 views

CVE-2007-3243

CVE-2007-3243 affects bbPress 0.8.1 via bb-login.php. The XSS vulnerability allows remote attackers to inject arbitrary script/HTML through the re parameter; exploitation may hinge on a specific Referer header being sent by the client. The cited sources (NVD entry) describe the issue and impact a...

CVSS 4.3 · AI score 5.7 · EPSS 0.02279
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2007/06/15 1:0 a.m. · 14 views

CVE-2007-3243

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header...

AI score 5.7 · EPSS 0.02279
Exploits 1 · References 5