10 matches found

RedhatCVE
added 2026/02/25 4:07 a.m. · 5 views

CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

9.8 CVSS · 6.3 AI score · 0.01745 EPSS
Exploits 7 · References 1

SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-1396

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

6.8 CVSS · 7 AI score · 0.01958 EPSS
Exploits 0 · References 4

seebug.org
added 2014/07/01 12:00 a.m. · 14 views

Antologic Antolinux 1.0 Administrative Interface NDCR Parameter Remote Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/9495/info It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the...

7.1 AI score
Exploits 0

Tenable Nessus
added 2008/03/26 12:00 a.m. · 47 views

SeaMonkey < 1.1.9 Multiple Vulnerabilities

The installed version of SeaMonkey is affected by various security issues:

- A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.
- Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.
- An HTTP...

9.3 CVSS · 7.6 AI score · 0.31817 EPSS
Exploits 2 · References 16

Tenable Nessus
added 2008/03/26 12:00 a.m. · 43 views

Firefox < 2.0.0.13 Multiple Vulnerabilities

The installed version of Firefox is affected by various security issues:

- A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.
- Several stability bugs leading to crashes which, in some cases, show traces of memory corruption.
- An HTTP Refere...

9.3 CVSS · 8.6 AI score · 0.31817 EPSS
Exploits 2 · References 16

Mozilla
added 2007/11/26 12:00 a.m. · 29 views

Referer-spoofing via window.location race condition — Mozilla

Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as...

4.3 CVSS · 1.5 AI score · 0.01259 EPSS
Exploits 1 · References 2 · Affected Software 2

Positive Technologies
added 2007/11/26 12:00 a.m. · 1 views

PT-2007-6892 · Mozilla +1 · Firefox +2

Name of the Vulnerable Software and Affected Versions:
Mozilla Firefox versions prior to 2.0.0.10
SeaMonkey versions prior to 1.1.7

Description: The issue allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes. This is achieved by setting...

10 CVSS · 8.7 AI score · 0.67298 EPSS
Exploits 47 · References 196

Cvelist
added 2007/02/15 2:00 a.m. · 17 views

CVE-2006-7020

CRLF injection vulnerability in (1) include/incact/actformmailer.php and possibly (2) sampleextphp/mailfileform.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer HTTPREFERER...

6.9 AI score · 0.00403 EPSS
Exploits 0 · References 4

CVE
added 2007/02/07 8:00 p.m. · 51 views

CVE-2005-4827

CVE-2005-4827 affects Internet Explorer 6.0 (and possibly other versions). It describes a bypass of the same-origin policy by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) with a method name containing tab, newline, or carriage return characters, a pattern some proxies convert to s...

7.5 CVSS · 7.3 AI score · 0.18541 EPSS
Exploits 1 · References 4 · Affected Software 3

securityvulns
added 2005/02/20 12:00 a.m. · 19 views

BizMail 2.1 Spam Exploit

Greetings all, Over the course of the last few months I've been the victim of repeated abuses of a web-based form commonly used for customer requests. This form can be downloaded here : http://www.bizmailform.com This form allowed a hacker to directly call the cgi, forge a referer url, and, with...

6.7 AI score
Exploits 0