96 matches found
CVE-2007-2060
CVE-2007-2060 affects the Wizz RSS Reader Firefox extension (pre-2.1.9). A cross-zone scripting flaw allows remote attackers to run arbitrary JavaScript in the browser chrome via the RSS feed DOM, enabling potential remote code execution in the user’s browser UI. The vulnerability is described ac...
CVE-2007-1947
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...
CVE-2007-1947
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...
CVE-2007-1878
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...
CVE-2007-1878
CVE-2007-1878 describes a Cross-zone scripting weakness in the DOM templates (domplates) used by Firebug’s console.log in Firefox, allowing remote execution by bypassing zone restrictions and reading file:// URIs via the runFile path, due to lack of HTML escaping in the property name. It affects ...
CVE-2007-0706
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...
CVE-2007-0705
CVE-2007-0705 affects Sleipnir 2.49 and earlier and Portable Sleipnir 2.45 and earlier. The vulnerability arises from RSS data handling in Sleipnir’s RSS bar, allowing a cross-zone scripting attack that bypasses Web content zone restrictions and could cause arbitrary script execution in an inappr...
CVE-2007-0706
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...
CVE-2007-0706
Cross-zone scripting vulnerability (CVE-2007-0706) affects Darksky RSS bar for Internet Explorer < 1.29, Sleipnir RSS bar < 1.29, and unDonut RSS bar
CVE-2007-0705
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information...
MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
Summary A month ago, a vulnerability in QuickTime was exploited to spread a worm in MySpace. The vulnerability was first published by pdp. In his article, pdp describes how HREFTrack attribute in .mov files can be used for malicious scripting. The MySpace worm abused this vulnerability in a...
Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...
VulnCheck KEV: CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker WMIScriptUtils.WMIObjectBroker2 ActiveX control WmiScriptUtils.dll in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI...
CVE-2007-0059
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
Cross site scripting
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...
Apple QuickTime 7.1.3 - HREFTrack Cross-Zone Scripting
Apple QuickTime 7.1.3 - HREFTrack Cross-Zone Scripting !/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can ...
Apple Quicktime <= 7.1.3 (HREFTrack) Cross-Zone Scripting Exploit
Exploit for macOS platform in category remote exploits ================================================================= Apple Quicktime Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for...
Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting
!/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can be modified but it's not recommended. Adjust as...