Lucene search
K

823 matches found

CVE
CVE
added 2008/05/13 8:14 p.m.37 views

CVE-2008-2167

ZyXEL ZyWALL 100 is affected by a cross-site scripting (XSS) vulnerability where a crafted Referer header is not properly handled on the 404 error page, allowing remote attackers to inject arbitrary web script or HTML. The available documents identify the affected product and the vulnerability cl...

4.3CVSS5.7AI score0.16784EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2008/05/13 8:14 p.m.21 views

CVE-2008-2167

Cross-site scripting XSS vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page...

5.7AI score0.16784EPSS
Exploits1References8
exploitpack
exploitpack
added 2008/05/08 12:0 a.m.12 views

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting source: https://www.securityfocus.com/bid/29110/info ZyWALL 100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2008/05/08 12:0 a.m.48 views

ZYWALL Referer Header XSS Vulnerability

Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2008/05/08 12:0 a.m.23 views

ZyXel ZyWALL crossite scripting

Crossite scriptin with Referer: header...

1.3AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2008/05/08 12:0 a.m.19 views

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting

source: https://www.securityfocus.com/bid/29110/info ZyWALL 100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2008/03/28 12:0 a.m.5 views

PT-2008-3103 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7 Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are...

7.1CVSS5.9AI score0.26317EPSS
Exploits0References16
NVD
NVD
added 2008/03/27 10:44 a.m.18 views

CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

5CVSS6.8AI score0.02443EPSS
Exploits2References35
Prion
Prion
added 2008/03/27 10:44 a.m.27 views

Cross site request forgery (csrf)

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

5CVSS6.9AI score0.02443EPSS
Exploits2References35Affected Software2
Positive Technologies
Positive Technologies
added 2008/03/27 12:0 a.m.3 views

PT-2008-2831 · Mozilla +1 · Firefox +2

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.13 SeaMonkey versions prior to 1.1.9 Description: The issue makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as some Cross-Site Request...

9.3CVSS10AI score0.06055EPSS
Exploits3References48
Prion
Prion
added 2008/03/25 11:44 p.m.11 views

Sql injection

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...

6.8CVSS9.1AI score0.0085EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/02/19 12:0 a.m.109 views

Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

The remote host is running Dokeos, an open source, e-learning and course management web application written in PHP. The version of Dokeos installed on the remote host fails to sanitize user input to the 'Referer' request header before using it in the 'main/inc/lib/events.lib.inc.php' script to...

7.5CVSS5.6AI score0.02383EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2008/01/10 12:0 a.m.26 views

openSUSE 10 Security Update : epiphany (epiphany-4870)

This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...

9.3CVSS8.6AI score0.05443EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2008/01/08 12:0 a.m.37 views

openSUSE 10 Security Update : seamonkey (seamonkey-4795)

This update fixed various security problems in Mozilla SeaMonkey. Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the sa...

9.3CVSS8.2AI score0.05443EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2007/12/19 4:32 p.m.5 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3CVSS5.8AI score0.01469EPSS
Exploits1References4
NVD
NVD
added 2007/11/26 11:46 p.m.23 views

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3CVSS6.5AI score0.01469EPSS
Exploits1References57
RedHat Linux
RedHat Linux
added 2007/11/26 11:4 p.m.4 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3CVSS5.8AI score0.01469EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/11/26 10:53 p.m.9 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3CVSS5.8AI score0.01469EPSS
Exploits1References4
Cvelist
Cvelist
added 2007/10/14 8:0 p.m.24 views

CVE-2002-2246

Cross-site scripting XSS vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header HTTPREFERER to a non-existent page, which is injected into the resulting 404 error page...

5.7AI score0.01499EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2007/10/05 12:0 a.m.7 views

PT-2007-6305 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro MD-Pro version 1.0.76 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by including a specific substring in the Referer HTTP header. The Firefox ID= substring is used to inject SQ...

7.5CVSS7.5AI score0.01651EPSS
Exploits1References10
Rows per page
Query Builder