797 matches found

Prion
added 2007/04/25 3:19 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header to misc.php or (2) the category name when deleting a category in admincategories.php...

CVSS 4.3, AI score 6, EPSS 0.00558
Exploits 0, References 8, Affected Software 1
ATTACKERKB
added 2007/04/16 10:19 p.m., 2 views

CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...

CVSS 7.5, AI score 5.8, EPSS 0.00911
Exploits 0, References 6
CVE
added 2007/03/06 1:0 a.m., 43 views

CVE-2006-7125

The CVE-2006-7125 entry describes a Cross-site Scripting (XSS) vulnerability in Joomla BSQ Sitestats versions 1.8.0 and 2.2.1. The issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly sanitized when an administrator views site sta...

CVSS 6.8, AI score 5.8, EPSS 0.00046
Exploits 0, References 5, Affected Software 1
OSV
added 2007/03/02 10:19 p.m., 4 views

CVE-2007-1230

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049...

AI score 5.5
Exploits 0, References 6
CVE
added 2007/02/06 2:0 a.m., 41 views

CVE-2007-0760

CVE-2007-0760 affects EQdkp versions 1.3.1 and earlier. The vulnerability stems from authenticating administrative requests by checking the HTTP Referer for an admin/ URL, which enables remote attackers to read or modify account names and passwords through a spoofed Referer. The provided document...

CVSS 7.5, AI score 6.6, EPSS 0.06544
Exploits 1, References 5, Affected Software 1
RedHat Linux
added 2006/09/29 3:47 p.m., 2 views

httpd cross-site scripting flaw in mod_imap

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVSS 4.3, AI score 7.3, EPSS 0.2814
Exploits 0, References 4
NVD
added 2006/06/03 1:2 a.m., 7 views

CVE-2006-2795

Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...

CVSS 6.8, AI score 5.7, EPSS 0.01171
Exploits 1, References 3
Prion
added 2006/06/03 1:2 a.m., 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained...

CVSS 6.8, AI score 6, EPSS 0.01171
Exploits 1, References 3, Affected Software 1
CVE
added 2006/02/10 11:0 a.m., 31 views

CVE-2005-4711

Neocrome Land Down Under (LDU) 801 is affected by CVE-2005-4711: SQL injection via input from the HTTP Referer header. The issue allows remote attackers to execute arbitrary SQL commands on the backend database. The Nessus NASL item for LDU_REFERER_SQL_INJECTION.NASL documents that input from the...

CVSS 6.8, AI score 8.1, EPSS 0.0066
Exploits 0, References 3
NVD
added 2006/02/01 2:2 a.m., 12 views

CVE-2006-0495

Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)...

CVSS 4.3, AI score 5.7, EPSS 0.00335
Exploits 0, References 3
CVE
added 2006/02/01 2:0 a.m., 44 views

CVE-2006-0495

The CVE-2006-0495 entry concerns MyBB (MyBulletinBoard) 1.02. A Cross‑Site Scripting (XSS) flaw exists in the Add Thread to Favorites feature implemented in usercp2.php, exploitable via an HTTP Referer header (the $url variable). This allows remote attackers to inject arbitrary web script or HTML...

CVSS 4.3, AI score 5.7, EPSS 0.00335
Exploits 0, References 3, Affected Software 1
Cvelist
added 2006/02/01 2:0 a.m., 15 views

CVE-2006-0495

Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)...

AI score 5.7, EPSS 0.00335
Exploits 0, References 3
NVD
added 2005/12/31 5:0 a.m., 8 views

CVE-2005-4711

SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 6.8, AI score 8.1, EPSS 0.0066
Exploits 0, References 3
RedHat Linux
added 2005/12/19 5:29 p.m., 0 views

httpd cross-site scripting flaw in mod_imap

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVSS 4.3, AI score 6.9, EPSS 0.2814
Exploits 0, References 4
OSV
added 2005/12/13 8:3 p.m., 1 views

DEBIAN-CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVSS 4.3, AI score 6.2, EPSS 0.2814
Exploits 0, References 1
Japan Vulnerability Notes
added 2005/12/09 12:0 a.m., 18 views

JVN#15243167 Problem with referer header handling on mobile phone web browsers

Impact: Referer information may be unintendedly sent to a server under certain operating conditions. Solution: Products Affected: For more information, refer to the vendors' websites...

AI score 6.8
Exploits 0
NVD
added 2005/06/09 4:0 a.m., 13 views

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker...

CVSS 7.5, AI score 7.8, EPSS 0.08916
Exploits 1, References 5
CVE
added 2005/06/08 4:0 a.m., 56 views

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing code into the Referer header, which is injected into referer.php. Affected software: FlatNuke 2.5.3. Root cause: unsafely handling the Referer header leads to code execution. Imp...

CVSS 7.5, AI score 8.2, EPSS 0.08916
Exploits 1, References 5, Affected Software 1
Cvelist
added 2005/06/08 4:0 a.m., 17 views

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker...

AI score 7.8, EPSS 0.08916
Exploits 1, References 5
Positive Technologies
added 2005/06/08 12:0 a.m., 3 views

PT-2005-2851 · Flatnuke · Flatnuke

Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3. Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the referer header of an HTTP request. This causes the code to be injected into referer.php, whic...

CVSS 7.5, AI score 7.7, EPSS 0.08916
Exploits 1, References 8