referer software vulnerabilities
vulnerabilities.aspcode.net
Searching referer software vulnerabilities
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request.
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.
Software vulnerabilities results 1 to 20 of 70