Prayer Information Disclosure Vulnerability

Prayer is an IMAP-based Web mail server. An information disclosure vulnerability exists in Prayer that stems from the header.t lack of no-referrer setting. An attacker can exploit this vulnerability to obtain a username...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

Design/Logic Flaw

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

JunkBuster: Multiple vulnerabilities

Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a...

junkbuster -- heap corruption vulnerability and configuration modification vulnerability

A Debian advisory reports: James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidently overwriting a global variable. Tavis Ormandy from the Gentoo Security Team discovered several heap corruptions due to inconsistent use of an internal...