810 matches found
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12651
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12651
CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...
CVE-2017-12651
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
Cacti cross-site scripting vulnerability (CNVD-2017-26582)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...
UBUNTU-CVE-2017-12066
Cross-site scripting XSS vulnerability in aggregategraphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable. NOTE: this vulnerability exists because of an incomplete fi...
Cacti cross-site scripting vulnerability (CNVD-2017-26314)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the authprofile.php...
UBUNTU-CVE-2017-11691
Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
DEBIAN-CVE-2017-11691
Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
Open Redirects
Moodle is vulnerable to open redirects. Attackers can perform phishing attacks and other open redirects through an error page which contains links to a URL from the HTTP Referer header...
Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer
A security researcher discovered that sensitive information, like password reset tokens could still be leaked to analytics services like Google Analytics or via the Referer sic header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Legal Robot: Token leakage by referrer header & analytics
A security researcher discovered that sensitive information, like password reset tokens could still be leaked to analytics services like Google Analytics or via the Referer sic header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Cacti aggregate_graphs.php file cross-site scripting vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...
DEBIAN-CVE-2017-11163
Cross-site scripting XSS vulnerability in aggregategraphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable...
Hopesys Web Management System version 1.0 /include/func.common.php referer header injection vulnerability
Hopesys website management system is based on LAMP development of enterprise/government website management system. Hopesys Website Management System version 1.0 /include/func.common.php referer header injection vulnerability. An attacker can use this vulnerability to obtain sensitive database...
SQL Injection Vulnerability in HTTP_REFERER on the Home Page of Uc365 Website Classifieds Navigation System
Uc365 website classification and navigation system is a cross-platform open source software, based on PHP + MYSQL development and construction of open source website classification and catalog management system. There is a SQL injection vulnerability in the index.php file on the home page of the...
Serendipity < 2.1.1 Multiple Vulnerabilities
According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...