28 matches found
EUVD-2009-3149
Malware in sbrugna...
EUVD-2014-3307
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-15572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information password reset tokens by reading a Referer log, because...
CVE-2010-5080
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...
SUSE CVE-2009-3166
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...
SUSE CVE-2015-2711
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...
Redmine Information Disclosure Vulnerability (CNVD-2017-31956)
Redmine is a set of open source Web-based project management and defect tracking tools . The tool provides project management , issue tracking and role-based access control and other features . An information disclosure vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to...
CVE-2015-7929
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history...
Design/Logic Flaw
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history...
UBUNTU-CVE-2015-2711
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...
Code injection
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81713...
CVE-2014-3303
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81713...
CVE-2014-3297
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug...
CVE-2014-3294
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81691...
CVE-2014-3294
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser history, aka Bug ID CSCuj81691...
Design/Logic Flaw
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653...
CVE-2010-5080
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...
CVE-2011-4759
Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading 1...
Cross site scripting
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by...
CVE-2011-4751
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...