Lucene search
PRIOn knowledge basePRION:CVE-2007-1085HistoryFeb 23, 2007 - 3:28 a.m.
Cross site scripting
2007-02-2303:28:00
PRIOn knowledge base
www.prio-n.com
3
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the “under” parameter in Advanced Search with the proper signature.
References
osvdb.org/33483
securityreason.com/securityalert/2301
www.kb.cert.org/vuls/id/615857
www.securityfocus.com/archive/1/460735/100/0/threaded
www.securityfocus.com/archive/1/460928/100/0/threaded
www.securityfocus.com/bid/22650
www.securitytracker.com/id?1017686
www.watchfire.com/resources/Overtaking-Google-Desktop.pdf
Related
securityvulns
securityvulns
Google Desktop unauthorized access
2007-03-01 00:00:00
cvelist
cvelist
CVE-2007-1085
2007-02-23 01:00:00
nvd
nvd
CVE-2007-1085
2007-02-23 03:28:00
cve
cve
CVE-2007-1085
2007-02-23 03:28:00
nessus
nessus
Google Desktop Advanced Search Internal Web Server XSS
2007-02-26 00:00:00