836 matches found
Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities
Firefox < 3.5.12 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.5.12. Such versions are potentially affected by the following security issues: - The pseudo-random number generator is only seeded once per browsing session and 'Math.random' may be used to recover the seed value allowing the browser instance to...
Mozilla Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities
Information leak via XMLHttpRequest statusText — Mozilla
Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requester even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12; MFSA 2010-50 Frameset integer overflow vulnerability; MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array; MFSA 2010-52 Windows XP DLL loading vulnerability; MFSA 2010-53 Heap buffer...
CVE-2010-1760
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
Hardcoded credentials
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
CVE-2010-1760
CVE-2010-1760 affects loader/DocumentThreadableLoader.cpp in the WebKit WebCore XMLHttpRequest implementation, before r58409. The vulnerability arises because credentials are not properly handled during a cross-origin synchronous request. The description specifies an unspecified impact with poten...
LightNEasy 3.2 admin account hijacking csrf vulnerability
Exploit for php platform in category web applications. LightNEasy 3.2 admin account hijacking csrf vulnerability. Author: pimpim Software Link:...
Apache OFBiz - Admin Creator
Apache OFBiz - Admin Creator / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
Apache OFBiz SQL Remote Execution PoC Payload
Exploit for multiple platform in category remote exploits. Apache OFBiz SQL Remote Execution PoC Payload. / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at-...
Apache OFBiz - Admin Creator
/ Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes = document.getElementsByClassName'fieldWidth300'; for var i=0;...
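Microsoft Windows ShellExecute() Input Validation Vulnerability (MS10-002/MS10-007)
BUGTRAQ ID: 37884 CVE ID: CVE-2010-0027 Microsoft Windows is a very popular operating system released by Microsoft. Applications such as the IE browser use the ShellExecute API function to handle files. Because the data stream is not validated correctly, a user who is tricked into following a malicious URL may cause security filtering to be bypassed and binaries on the local system to be executed. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows 2000 SP4 Vendor patch: Microsoft ---------...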
CVE-2010-0656
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...
Design/Logic Flaw
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...
Microsoft Internet Explorer 8 - URI Validation Remote Code Execution
source: https://www.securityfocus.com/bid/37884/info Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application an...
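KDE XMLHttpRequest Security Bypass and kioslave Input Validation Vulnerabilities
KDE is an open-source graphical desktop environment for UNIX. KDE has multiple security vulnerabilities, as follows: Ark input filtering error: In the KDE archive tool, insufficient validation allows a specially crafted archive file using an unknown MIME type, when rendered by a KHTML instance, to trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves input filtering error: KDE protocol handlers perform insufficient input validation; an attacker can construct a malicious URI that triggers JavaScript execution, and the 'help://' protocol handler is additionally subject to a directory traversal attack. Note, however, that the malicious URI for this issue cannot be embedded in Internet-domain content. KMail input filtering error:...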
SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)
The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed: - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute...