15 matches found
EUVD-2022-5139
Malicious code in bioql PyPI...
SUSE CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
Moodle sensitive information disclosure
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...
DEBIAN-CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
Information disclosure
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
UBUNTU-CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lostpassword does not use a redirect...
Information Disclosure
Moodle is vulnerable to information disclosure. Attackers are able to obtain sensitive URL information through the Referer log because it doesn't correctly restrict links with the blank attribute...
CVE-2016-2190
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...
Information disclosure
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log...
CVE-2014-3862
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log...
CVE-2010-3319
IBM Records Manager RM 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file...
CVE-2010-3319
IBM Records Manager RM 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file...