Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS Vulnerabilities

Exploit for windows platform in category web applications Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0551 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVE-2009-0419

CVE-2009-0419 concerns information disclosure in Microsoft XML Core Services via Set-Cookie2 headers accessible from XMLHttpRequest. Connected documentation shows Microsoft MS08-069 (KB955218) addressing XML Core Services vulnerabilities, resolving an information-disclosure risk and guiding updat...

PT-2009-1135

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services IIS version 5.0 Description The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK...