439 matches found
CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
SeaMonkey < 1.1.9 Multiple Vulnerabilities
Firefox < 2.0.0.13 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution. - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - An HTTP Refere...
CVE-2008-1513
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
SQL injection
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2008-1513
The CVE-2008-1513 entry concerns Danneo CMS (versions 0.5.1 and earlier). The vulnerability is an SQL injection in index.php that manifests when the Referers statistics option is enabled, allowing remote attackers to inject and run arbitrary SQL commands via the HTTP Referer header. Affected comp...
openSUSE 10 Security Update : epiphany (epiphany-4870)
This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...
openSUSE 10 Security Update : seamonkey (seamonkey-4795)
This update fixed various security problems in Mozilla SeaMonkey. The following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the sa...
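Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Vulnerability
A weakness in Mozilla Firefox and SeaMonkey allows attackers to spoof the HTTP Referer header. The weakness is due to a small timing difference when a modal 'alert()' dialog is used, which can let a user generate a fake HTTP Referer header. Attackers can exploit this issue to spoof the HTTP Referer header. This may cause other security mechanisms that rely on this data to fail, or cause them to return misleading information. This issue affects all versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7. Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7....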
SuSE 10 Security Update : flash-player (ZYPP Patch Number 3890)
The Adobe Flash Player was updated to version 7.0.70.0 for Novell Linux Desktop 9 and to version 9.0.48.0 on SUSE Linux Enterprise Desktop 10 to fix several security problems : - An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the...
CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...
openSUSE 10 Security Update : flash-player (flash-player-3889)
The Adobe Flash Player was updated to version 7.0.70.0 on SUSE Linux 10.0 and to version 9.0.48.0 on SUSE Linux 10.1 and openSUSE 10.2 to fix several security problems : CVE-2007-3456: An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to t...
CVE-2002-2246
Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page...
ASP, PHP and .NET: methods for forging HTTP-REFERER and preventing REFERER forgery - bug warning - the black bar safety net
The HTTP-REFERER variable has become increasingly unreliable and can be forged entirely. The following is the forging method: ASP/Visual Basic code: dim http set http=server.createobject("MSXML2.XMLHTTP") '//MSXML2.serverXMLHTTP also works Http.open "GET",url,false Http...
Adobe Flash Player fails to properly validate HTTP Referers
Overview: The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description: Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...
CVE-2007-3686
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter...
Cross-site request forgery (CSRF)
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...
CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...