referrer software vulnerabilities
vulnerabilities.aspcode.net
Searching referrer software vulnerabilities
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
Software vulnerabilities results 1 to 15 of 15