Path traversal
OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsweeper WebAdmin unixlogin.php Python Code Injection', 'Description' = %q This module exploits a Python code injection in the Netsweeper...
Rockstar Games: Referer Header Leakage in language changer may lead to FB token theft
In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at https://www.rockstargames.com/GTAOnline, causing the user's full URL, potentially including sensitive tokens, to be included in the Referer header sent to the new...
PlayStation: Access Token Smuggling from my.playstation.com via Referer Header
I discovered a way to smuggle an access token from my.playstation.com via the Referer header through a chain of open redirection vulnerabilities. During my investigation of the authentication flow I found this endpoint with a potential site for an open redirect vulnerability...
TP-Link Archer C50 Denial of Service Vulnerability
The TP-Link Archer C50 is a wireless router from the Chinese vendor TP-Link. A security vulnerability exists in versions prior to TP-Link Archer C50 V3 Build 200318 Rel. 62209. A remote attacker can exploit this vulnerability to cause a denial of service via an HTTP request containing an illegal Referer header field...
CVE-2020-9375
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP header containing an unexpected Referer field...
Chadha Software Technologies PHPKB Standard Multi-Language article.php Cross-Site Scripting Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way the Referer header is handled in the article.php file in Chadha Software...
CVE-2020-10388
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS, injecting arbitrary web script or HTML into admin/report-referrers.php (vulnerable file: admin/include/functions-articles.php)...
Cross site scripting
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS, injecting arbitrary web script or HTML into admin/report-referrers.php (vulnerable file: admin/include/functions-articles.php)...
CVE-2020-10388
Chadha PHPKB Standard Multi-Language v9 is affected by CVE-2020-10388 due to improper handling/validation of the Referer header in article.php, enabling Stored (Blind) XSS via admin/report-referrers.php (vulnerable code in admin/include/functions-articles.php). Affected component: PHPKB’s article...
PT-2020-12058 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of the Referer header in article.php, allowing attackers to execute Stored Blind XSS by injecting arbitrary web script or HTML. This is specifically...
CVE-2017-6371
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header...
Dolibarr Cross-Site Scripting Vulnerability (CNVD-2020-10498)
Dolibarr ERP/CRM is open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM), as well as applications for other activities. A...
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
Design/Logic Flaw
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
UBUNTU-CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...