95 matches found
CVE-2006-0461
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer)...
CVE-2005-2688
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menudx.php, or (4) menusx.php, or JavaScript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (us...
CVE-2002-2109
CVE-2002-2109 affects Matt Wright FormMail 1.9 and earlier. The vulnerability allows remote attackers to bypass the HTTP_REFERER check and perform unauthorized activities by exploiting: (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3)...
CVE-2002-2109
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginni...
CVE-2001-1532
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...
CVE-2001-1532
CVE-2001-1532 affects WebX where authentication data is stored in the HTTP_REFERER variable and is then included in URL links in user bulletin board messages. This design allows remote attackers to hijack sessions by luring users to click crafted links containing the referer-stored credentials. R...
Phorum 3.x - 'register.php' HTTP_REFERER Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...
Phorum 5.0.3 Beta - Cross Site Scripting
Phorum 5.0.3 Beta - Cross Site Scripting Phorum Cross Site Scripting Vendor: Phorum Product: Phorum Version: tag, it will allow for pretty much any thing else, and most of you know it is not hard to execute javascript inside of a tag which is allowed. This same vulnerability also exists in...
Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...
CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit
Exploit for linux platform in category remote exploits. CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit. #!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then...
CVE-2002-2330
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers...
Vulnerabilities in PGPMail.pl
Overview: PGPMail.pl v1.31 is a PERL script that extends Matt Wright's FormMail v1.5 to encrypt HTML form data using PGP. It is available from ftp://ftp.venturablvd.com/pub/pgpmail/. Two vulnerabilities exist which allow a remote...
suse: sdbsearch.cgi vulnerability
Hello, I found a weakness in the sdbsearch.cgi script, which is a part of the Suse distribution. This is a perl script, and since Suse 7.1 they have introduced some form of protection (the interpreter is called with taint checking). However, I think it isn't enough and this bug still may produce danger...