439 matches found
CVE-2015-7391
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selectedenddate or (2) selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to...
Code injection
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php...
CVE-2014-9463
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php...
CVE-2014-9463
The CVE-2014-9463 issue concerns the VBSEO module for vBulletin, specifically the functions_vbseo_hook.php file. Multiple sources (NVD CVE entry and CNVD) describe a remote code execution vulnerability triggered by a crafted HTTP Referer header directed at visitormessage.php, allowing remoteAuthe...
Updated cacti packages fix security vulnerabilities
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php (CVE-2017-10970). Cross-site scripting (XSS) vulnerability in...
CVE-2017-12651
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12651
CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fi...
CVE-2017-12066
CVE-2017-12066 affects Cacti prior to 1.1.16: an XSS in aggregate_graphs.php allows remote authenticated users to inject script via crafted HTTP Referer headers, tied to the $cancel_url variable and incomplete fix for CVE-2017-11163 (ENT_QUOTES flag). The issue is resolved in 1.1.16; remediation ...
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
Cross site scripting
Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
Open Redirects
Moodle is vulnerable to open redirects. Attackers can perform phishing attacks and other open redirects through an error page which contains links to a URL from the HTTP Referer header...
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...