18 matches found
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
DEBIAN-CVE-2023-25825
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...
Regular Expression Denial Of Service (ReDoS)
Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer field in the fetch function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer field, the program will either hang or crash...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-55670)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of sanitation in referrer field, allowing malicious users to inject and execute arbitrary javascript...
CVE-2015-8707
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field...
Design/Logic Flaw
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field...
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...
WordPress Video Gallery 2.8 Unprotected Mail Page
Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software...
CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...
CVE-2008-3966
Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via 1 a certain referrer field in usercp2.php, 2 a certain location field in inc/functionsonline.php, and certain 3 tsubject and 4 psubject fiel...
bizdb1-search.cgi located
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon...
bizdb1-search.cgi located
One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2005-1108
The ijuntrustedurl function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request...
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a result of this, a malicious user may...