801 matches found

securityvulns
added 2008/05/08 12:0 a.m. | 46 views

ZYWALL Referer Header XSS Vulnerability

Affected Software/Device: Zyxel ZYWall 100. Vulnerability: Cross Site Scripting. Risk: Low. Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...

0.7 AI score
Exploits 0
exploitpack
added 2008/05/08 12:0 a.m. | 11 views

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting source: https://www.securityfocus.com/bid/29110/info ZyWALL 100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8 AI score
Exploits 0
securityvulns
added 2008/05/08 12:0 a.m. | 22 views

ZyXel ZyWALL cross-site scripting

Cross-site scripting with Referer: header...

1.3 AI score
Exploits 0 | References 1 | Affected Software 1
Exploit DB
added 2008/05/08 12:0 a.m. | 18 views

ZyWALL 100 HTTP Referer Header - Cross-Site Scripting

source: https://www.securityfocus.com/bid/29110/info ZyWALL 100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

7 AI score
Exploits 0
Positive Technologies
added 2008/03/28 12:0 a.m. | 4 views

PT-2008-3103 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7. Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are...

7.1 CVSS | 5.9 AI score | 0.26317 EPSS
Exploits 0 | References 16
Prion
added 2008/03/27 10:44 a.m. | 23 views

Cross-site request forgery (CSRF)

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

5 CVSS | 6.9 AI score | 0.02443 EPSS
Exploits 2 | References 35 | Affected Software 2
NVD
added 2008/03/27 10:44 a.m. | 17 views

CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

5 CVSS | 6.8 AI score | 0.02443 EPSS
Exploits 2 | References 35
Positive Technologies
added 2008/03/27 12:0 a.m. | 2 views

PT-2008-2831 · Mozilla +1 · Firefox +2

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.13; SeaMonkey versions prior to 1.1.9. Description: The issue makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as some Cross-Site Request...

9.3 CVSS | 10 AI score | 0.06055 EPSS
Exploits 3 | References 48
Prion
added 2008/03/25 11:44 p.m. | 10 views

SQL injection

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header...

6.8 CVSS | 9.1 AI score | 0.0085 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2008/02/19 12:0 a.m. | 107 views

Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

The remote host is running Dokeos, an open source, e-learning and course management web application written in PHP. The version of Dokeos installed on the remote host fails to sanitize user input to the 'Referer' request header before using it in the 'main/inc/lib/events.lib.inc.php' script to...

7.5 CVSS | 5.6 AI score | 0.02383 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2008/01/10 12:0 a.m. | 26 views

openSUSE 10 Security Update : epiphany (epiphany-4870)

This update brings the Mozilla XUL runner engine to security update version 1.8.1.10. MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inne...

9.3 CVSS | 8.6 AI score | 0.05443 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2008/01/08 12:0 a.m. | 37 views

openSUSE 10 Security Update : seamonkey (seamonkey-4795)

This update fixed various security problems in Mozilla SeaMonkey. Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the sa...

9.3 CVSS | 8.2 AI score | 0.05443 EPSS
Exploits 1 | References 3
RedHat Linux
added 2007/12/19 4:32 p.m. | 3 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3 CVSS | 5.8 AI score | 0.01469 EPSS
Exploits 1 | References 4
NVD
added 2007/11/26 11:46 p.m. | 23 views

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3 CVSS | 6.5 AI score | 0.01469 EPSS
Exploits 1 | References 57
RedHat Linux
added 2007/11/26 11:4 p.m. | 2 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3 CVSS | 5.8 AI score | 0.01469 EPSS
Exploits 1 | References 4
RedHat Linux
added 2007/11/26 10:53 p.m. | 3 views

Mozilla Cross-site Request Forgery flaw

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protecti...

4.3 CVSS | 5.8 AI score | 0.01469 EPSS
Exploits 1 | References 4
Cvelist
added 2007/10/14 8:0 p.m. | 21 views

CVE-2002-2246

Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page...

5.7 AI score | 0.01499 EPSS
Exploits 1 | References 4
Positive Technologies
added 2007/10/05 12:0 a.m. | 3 views

PT-2007-6305 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro MD-Pro version 1.0.76. Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by including a specific substring in the Referer HTTP header. The Firefox ID= substring is used to inject SQ...

7.5 CVSS | 7.5 AI score | 0.01651 EPSS
Exploits 1 | References 10
Tenable Nessus
added 2007/07/11 12:0 a.m. | 42 views

Flash Player Multiple Vulnerabilities (APSB07-12)

According to its version number, the instance of Flash Player on the remote Windows host could allow for arbitrary code execution by means of a malicious SWF file. In addition, it may also fail to sufficiently validate the HTTP Referer header, which may aid in cross-site request forgery attacks...

9.3 CVSS | 6 AI score | 0.56309 EPSS
Exploits 0 | References 3
Japan Vulnerability Notes
added 2007/07/11 12:0 a.m. | 36 views

JVN#72595280 Flash Player allows to send arbitrary Referer headers

Adobe Flash Player is a multimedia and application browser plugin for viewing Adobe Flash contents. Flash Player contains a vulnerability allowing to send arbitrary Referer headers. Impact: As a flash file swf can send an arbitrary Referer header and Flash Player cannot properly validate Referer...

4.3 CVSS | 6.4 AI score | 0.06727 EPSS
Exploits 0