
439 matches found

seebug.org
added 2014/07/01 12:0 a.m., 39 views

Icy Phoenix 1.3.0.53a HTTP Referer stored XSS

No description provided by source. Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: Powered by Icy Phoenix http://www.icyphoenix.com/ Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy Phoenix...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

LifeType 1.2.10 HTTP Referer stored XSS

No description provided by source. Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 27 views

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8925/info A vulnerability has been reported in SimpleWebServer that may allow a remote attacker to cause a denial of service condition or execute arbitrary code on vulnerable host. The issue is reported to exist due to a...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resource. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Antologic Antolinux 1.0 Administrative Interface NDCR Parameter Remote Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/9495/info It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the...

7.1 AI score
Exploits: 0

CVE
added 2014/05/30 2:0 p.m., 55 views

CVE-2012-5876

Nero MediaHome 4.x (NMMediaServer.dll) is affected by CVE-2012-5876 and related CVE-2012-5877, a set of remote DoS flaws caused by multiple off-by-one/length handling errors in the server. The vulnerabilities allow an attacker to crash the Nero MediaHome server by sending specially crafted reques...

5 CVSS, 6.8 AI score, 0.20693 EPSS
Exploits: 5, References: 7, Affected Software: 1

OpenVAS
added 2014/01/23 12:0 a.m., 136 views

Allegro RomPager < 4.51 HTTP Referer Header XSS Vulnerability

Allegro RomPager is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 7.9 AI score, 0.00269 EPSS
Exploits: 1, References: 2

NVD
added 2014/01/16 7:55 p.m., 18 views

CVE-2013-6786

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...

4.3 CVSS, 5.6 AI score, 0.00269 EPSS
Exploits: 1, References: 3

CVE
added 2014/01/16 7:0 p.m., 185 views

CVE-2013-6786

CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D‑Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...

4.3 CVSS, 7.6 AI score, 0.00269 EPSS
Exploits: 1, References: 3, Affected Software: 7

NVD
added 2014/01/08 3:30 p.m., 9 views

CVE-2013-7277

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keywordlist parameter to keysearch.php...

4.3 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits: 1, References: 8

Prion
added 2014/01/08 3:30 p.m., 8 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keywordlist parameter to keysearch.php...

4.3 CVSS, 6.1 AI score, 0.00354 EPSS
Exploits: 1, References: 8, Affected Software: 1

seebug.org
added 2013/12/18 12:0 a.m., 13 views

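Destoon SQL Injection Affecting All Versions (2)

Brief description: The New Year is coming and I'm working overtime. Personally, I think you shouldn't only check user input; the check should also happen right before the SQL query to get better protection against injection, because people always miss something. Details: common.inc.php 0x00 if!empty$SERVER'REQUESTURI' stripuri$SERVER'REQUESTURI';//follow into 0x01 if$POST $POST = stripsql$POST; stripkey$POST; if$GET $GET = stripsql$GET; stripkey$GET; ... if$POST extract$POST, EXTRSKIP; if$GET...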

7.1 AI score
Exploits: 0

Nmap
added 2013/07/18 2:55 p.m., 293 views

http-referer-checker NSE Script

Informs about cross-domain include of scripts. Websites that include external javascript scripts are delegating part of their security to third-party entities. Script Arguments slaxml.debug See the documentation for the slaxml library. httpspider.doscraping, httpspider.maxdepth,...

10 CVSS, 0.1 AI score, 0.94176 EPSS
Exploits: 33

Packet Storm
added 2013/07/08 12:0 a.m., 20 views

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Advisory: XMLHttpRequest HTTP Referer Header Faking Author: Liad Mizrachi Vendor URL: http://www.chromium.org/ Vulnerability Status: Fixed Application Version: Google Chrome v25.0.1364.152 ========================== Vulnerability Description ========================== Chromium is the open source...

0.7 AI score
Exploits: 0

NVD
added 2013/05/08 12:9 p.m., 13 views

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...

7.5 CVSS, 6.8 AI score, 0.00856 EPSS
Exploits: 0, References: 4

Cvelist
added 2013/05/08 10:0 a.m., 14 views

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...

6.8 AI score, 0.00856 EPSS
Exploits: 0, References: 4

CVE
added 2013/05/08 10:0 a.m., 49 views

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 is affected by an authentication bypass vulnerability where access decisions are made using the HTTP Referer header. A remote attacker can craft headers to obtain administrative privileges or access restricted files. The issue stems from referer-based authentic...

7.5 CVSS, 7 AI score, 0.00856 EPSS
Exploits: 0, References: 4, Affected Software: 1

0day.today
added 2013/03/19 12:0 a.m., 30 views

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

Exploit for php platform in category web applications. Because this is my first Vulnerability I ever found by myself, I wrote a PoC script. I know that this is overkill and the Vulnerability is trivial to exploit :P The JavaScript Payload is executed when the Admin views Count per Day - Statistics...

7.1 AI score
Exploits: 0

NVD
added 2013/03/05 9:55 p.m., 13 views

CVE-2013-0909

The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors...

5 CVSS, 5.2 AI score, 0.0025 EPSS
Exploits: 0, References: 3