166 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2013-0709
CVE-2013-0709 concerns a cross-site scripting (XSS) vulnerability in the dopvSTAR* 0091 product. The issue arises from how the HTTP Referer header is handled during display of the access log, allowing remote attackers to inject arbitrary web script or HTML. The connected JVN entries confirm the a...
CVE-2013-0708
CVE-2013-0708 concerns a cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b, where an attacker can inject arbitrary scripts via the HTTP Referer header during display of the access log. The vulnerability could allow a user’s browser to execute injected code, as indicated by multiple sou...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting XSS vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...
CVE-2012-3848
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
CVE-2011-1062
Multiple cross-site scripting XSS vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 sContext, 2 sort, 3 dir, and 4 show parameters in a save action to index.php; the 5 dir and 6 show parameters to printlist.php;...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to 1 admin/adminconfig.php, 2 admin/adminmodules.php, 3 delete.php, 4 editlink.php, 5 submit.php, 6 submitgroups.php, 7...
CVE-2009-3444
Cross-site scripting XSS vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 aka news to email action...
CVE-2009-3444
The CVE-2009-3444 entry concerns the e107 web platform (versions 0.7.16 and earlier) with a Cross-Site Scripting (XSS) vulnerability in email.php triggered via the HTTP Referer header in the news.1 (news to email) action. Affected component: e107 (email.php within news-to-email flow). Root cause:...
Code injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
Sql injection
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2007-2952
Multiple stack-based buffer overflows in the filter service aka k9filter.exe in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow 1 remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and 2 man-in-the-middle attacke...
Stack overflow
Multiple stack-based buffer overflows in the filter service aka k9filter.exe in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow 1 remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and 2 man-in-the-middle attacke...
CVE-2007-2952
Multiple stack-based buffer overflows in the filter service aka k9filter.exe in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow 1 remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and 2 man-in-the-middle attacke...
Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery
====================================================================== Secunia Research 06/06/2008 - Akamai Red Swoosh Cross-Site Request Forgery Vulnerabilities - ====================================================================== Table of Contents Affected...
Cross site request forgery (csrf)
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...