Eight10

1 exploit Active since Feb 2007
CVE-2007-0760 EXPLOITDB text WRITEUP
EQdkp <= 1.3.1 - Unauthenticated Account Access via HTTP Referer Spoofing
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.