30 matches found
EUVD-2004-1311
Malware in sbrugna...
Servant, Stalker, Predator: How an Honest, Helpful, and Harmless (3H) Agent Unlocks Adversarial Skills
This paper identifies and analyzes a novel vulnerability class in Model Context Protocol (MCP) based agent systems. The attack chain describes and demonstrates how benign, individually authorized tasks can be orchestrated to produce harmful emergent behaviors. Through systematic analysis using the...
Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
A flaw was found in Wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...
Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics
In theory, a cyberattack can be disrupted at every phase of the attack chain. In reality, however, defense stack boundaries should overlap in order to be effective. When a threat comes via email, for example, even with good security solutions in place, organizations must assume that the threat ma...
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM Storwize V7000 Unified (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816, CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
Summary: A fix is available for IBM Storwize V7000 Unified, for the Open Source Mozilla Firefox security vulnerabilities found in March 2015. Vulnerability Details: IBM Storwize V7000 Unified is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped i...
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM SONAS (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816, CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
Summary: A fix is available for IBM SONAS, for the Open Source Mozilla Firefox security vulnerabilities found in March 2015. Vulnerability Details: IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. Thi...
Google Chrome < 1.0.154.46 Multiple Vulnerabilities
Binary data 4920.pasl...
Cross site scripting
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Eve...
CVE-2008-3472
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTM...
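Microsoft IE Frame Location Cross-Domain Security Restriction Bypass Vulnerability
BUGTRAQ ID: 29986. Internet Explorer is a very popular web browser released by Microsoft. Internet Explorer does not properly restrict access to document frames. An attacker can replace the content of a web page's frame with arbitrary content, while Internet Explorer still appears to enforce the cross-domain security model that restricts what a malicious frame can do to the parent document. For example, a frame in another domain cannot access the parent document's cookies, HTML content, or other frame-specific DOM components, but there are components that are not bound to a specific domain, such as the onmousedown event. By monitoring this particular event, an IFRAME can capture keyboard input from the parent document or carry out other malicious attacks. Microsoft Internet Explorer...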
Microsoft Internet Explorer source element cross-domain vulnerability
Overview: Microsoft Internet Explorer fails to properly handle redirects for source elements. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description: The Cross-Domain Security Model. IE uses a cross-domain security model to maintain separation between browser...
Microsoft Internet Explorer HTML Document object cross-domain vulnerability
Overview: Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain. Description: The Cross-Domain Security Model. IE uses a cross-domain security model to maintai...
CVE-2005-4089
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview: A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description: IE uses a cross-domain security model to maintain separation between browser frames from different...
CVE-2003-1328
The CVE concerns Microsoft Internet Explorer 5.01, 5.5, and 6.0, where the showHelp() function supports certain pluggable protocols that can bypass the cross‑domain security model and allow remote code execution. The OpenVAS entries reference the affected patches (MS03-004 and MS05-020) and indic...
CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."...
CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 are affected by CVE-2003-1326, which enables remote attackers to bypass cross-domain security and execute script or arbitrary code via dialog boxes. The issue centers on improper handling of dialog frames and the dialogArguments mechanism, enabling cross-do...
CVE-2003-1328
The showHelp function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."...
Microsoft Internet Explorer does not properly validate source of redirected frame
Overview: Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone...
Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
Source: https://www.securityfocus.com/bid/9761/info. Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains. This issue could permit framesets in different domains to leak various events, including keyboard events. This could...