801 matches found
Design/Logic Flaw
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/adminconfig.php, (2) admin/adminmodules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submitgroups.php, (7)...
CVE-2010-0660
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging...
Hardcoded credentials
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging...
CVE-2010-0660
Removed by vendor...
CVE-2009-3444
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action...
CVE-2009-3444
The CVE-2009-3444 entry concerns the e107 web platform (versions 0.7.16 and earlier) with a Cross-Site Scripting (XSS) vulnerability in email.php triggered via the HTTP Referer header in the news.1 (news to email) action. Affected component: e107 (email.php within news-to-email flow). Root cause:...
e107 0.7.16 - Referer header Cross-Site Scripting
Hello Bugtraq! I want to warn you about a Cross-Site Scripting vulnerability in E107, which I found on 31.01.2009 and disclosed recently. XSS: On the page for sending news to email, http://site/email.php?news.1, it's possible to conduct an XSS attack via the Referer header. In particular, it can be done via flash...
E107 Referer Cross Site Scripting
Hello Bugtraq! I want to warn you about a Cross-Site Scripting vulnerability in E107, which I found on 31.01.2009 and disclosed recently. XSS: On the page for sending news to email, http://site/email.php?news.1, it's possible to conduct an XSS attack via the Referer header. In particular, it can be done via flash...
e107 0.7.16 - Referer header Cross-Site Scripting
Hello Bugtraq! I want to warn you about a Cross-Site Scripting vulnerability in E107, which I found on 31.01.2009 and disclosed recently. XSS: On the page for sending news to email, http://site/email.php?news.1, it's possible to conduct an XSS attack via...
Cross-Site Scripting vulnerability in E107
Hello 3APA3A! I want to warn you about a Cross-Site Scripting vulnerability in E107. XSS: On the page for sending news to email, http://site/email.php?news.1, it's possible to conduct an XSS attack via the Referer header. In particular, it can be done via flash. Referer: 'scriptalertdocument.cookie/script...
CVE-2009-2797
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server...
Apple iOS 3.x < 3.1 Multiple Vulnerabilities
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...
Code injection
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...
Claroline 'notfound.php' Cross-Site Scripting Vulnerability
The host is running Claroline and is prone to SQL Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbclarolinexssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Claroline 'notfound.php' Cross-Site Scripting Vulnerability. Authors: Antu Sanadi. Copyright: Copyright (c) 2009 Greenbone Networks Gmb...
CVE-2009-1907
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
Sql injection
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...