18 matches found
EUVD-2017-11319
Malware in sbrugna...
EUVD-2017-3301
Malware in sbrugna...
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fi...
CVE-2017-12066
CVE-2017-12066 affects Cacti prior to 1.1.16: an XSS in aggregate_graphs.php allows remote authenticated users to inject script via crafted HTTP Referer headers, tied to the $cancel_url variable and incomplete fix for CVE-2017-11163 (ENT_QUOTES flag). The issue is resolved in 1.1.16; remediation ...
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
Cross site scripting
Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...
CVE-2017-11163
The CVE-2017-11163 entry corresponds to an XSS issue in Cacti: specifically, aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject script/HTML via crafted HTTP Referer headers, tied to the $cancel_url variable. Related CVE-2017-12066 covers the same XSS vector; t...
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
Cross site scripting
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
CVE-2017-2136
CVE-2017-2136 (WP Statistics) affects the WordPress WP Statistics plugin, version 12.0.4 and earlier. The root cause is a cross-site scripting flaw triggered by specially crafted HTTP Referer headers, allowing an attacker to inject arbitrary script or HTML in users’ browsers. Affected products an...
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
CVE-2008-5400
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers...
CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...
CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...
CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...