801 matches found

Cvelist
added 2023/07/12 12:48 p.m. | 13 views

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads...

CVSS 4.6 | AI score 6.2 | EPSS 0.00909
Exploits: 0 | References: 1

CNNVD
added 2023/07/12 12:00 a.m. | 2 views

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

CVSS 6.1 | AI score 6.4 | EPSS 0.00909
Exploits: 0 | References: 2

0day.today
added 2023/05/19 12:00 a.m. | 380 views

Textpattern 4.8.8 Session Token Disclosure Vulnerability

Textpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer. Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Vendor: https://textpattern.com/ Software:...

AI score 6.9
Exploits: 0

OSV
added 2023/03/21 4:15 p.m. | 2 views

CVE-2023-27569

The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...

CVSS 9.8 | AI score 7.4 | EPSS 0.00872
Exploits: 1 | References: 2

CNNVD
added 2023/03/21 12:00 a.m. | 3 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop eotags versions prior to 1.3.0, which stems from a vulnerabili...

CVSS 9.8 | AI score 8.6 | EPSS 0.00872
Exploits: 1 | References: 3

Huntr
added 2023/03/01 12:05 a.m. | 19 views

Access Control Vulnerability in Admin Address Book

Description: An Access Control Vulnerability allows a low level user in the web application to view and edit information for all other users in the Admin Address Book. Proof of Concept: Step 1. Log in to the openemr web application as a low level user (Ex: Receptionist in openemr demo). Step 2. Trave...

CVSS 5.5 | AI score 6.6 | EPSS 0.00447
Exploits: 1

F5 Networks
added 2023/02/21 6:29 p.m. | 11 views

K18304067: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header

Security Advisory Description The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header. This issue occurs when all of the following conditions are met: You configure a positional parameter for an Allowed URL in the...

AI score 6.7
Exploits: 0

F5 Networks
added 2023/02/21 6:25 p.m. | 22 views

K33572148: The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value

Security Advisory Description The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value. This issue occurs when all of the following conditions are met: You configured a sensitive parameter located in Security Application Security Parameters Sensitive...

AI score 6.5
Exploits: 0

SUSE CVE
added 2023/02/15 6:21 a.m. | 2 views

SUSE CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...

CVSS 5 | AI score 7.1 | EPSS 0.02899
Exploits: 0 | References: 9

SUSE CVE
added 2023/02/15 6:17 a.m. | 3 views

SUSE CVE-2005-3352

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVSS 4.3 | AI score 6.1 | EPSS 0.73692
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 6:11 a.m. | 2 views

SUSE CVE-2007-3457

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...

CVSS 4.3 | AI score 6.8 | EPSS 0.06727
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:10 a.m. | 2 views

SUSE CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

CVSS 4.3 | AI score 8.7 | EPSS 0.01469
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:08 a.m. | 2 views

SUSE CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

CVSS 5 | AI score 8.2 | EPSS 0.02443
Exploits: 2 | References: 4

SUSE CVE
added 2023/02/15 5:59 a.m. | 4 views

SUSE CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

CVSS 4.3 | AI score 6.4 | EPSS 0.02262
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:19 a.m. | 3 views

SUSE CVE-2015-3175

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer...

CVSS 5.8 | AI score 7.4 | EPSS 0.01893
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:43 a.m. | 3 views

SUSE CVE-2017-11163

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...

CVSS 5.4 | AI score 8.2 | EPSS 0.01277
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:42 a.m. | 3 views

SUSE CVE-2017-11691

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

CVSS 5.4 | AI score 8.3 | EPSS 0.01993
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:45 a.m. | 1 views

SUSE CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

CVSS 6.1 | AI score 7.8 | EPSS 0.05301
Exploits: 1 | References: 122

RedhatCVE
added 2023/01/16 10:36 a.m. | 37 views

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...

CVSS 3.5 | AI score 0.9 | EPSS 0.00669
Exploits: 0 | References: 3

OSV
added 2022/12/16 4:15 p.m. | 3 views

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...

CVSS 4.5 | AI score 5.8 | EPSS 0.00669
Exploits: 0 | References: 1