Lucene search
K

96 matches found

CVE
CVE
added 2007/04/18 2:20 a.m.53 views

CVE-2007-2060

CVE-2007-2060 affects the Wizz RSS Reader Firefox extension (pre-2.1.9). A cross-zone scripting flaw allows remote attackers to run arbitrary JavaScript in the browser chrome via the RSS feed DOM, enabling potential remote code execution in the user’s browser UI. The vulnerability is described ac...

6.8CVSS6.9AI score0.03175EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2007/04/11 1:19 a.m.24 views

CVE-2007-1947

Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...

3.5CVSS6.9AI score0.04483EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/04/11 1:0 a.m.34 views

CVE-2007-1947

Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by...

6.9AI score0.04483EPSS
Exploits0References3
NVD
NVD
added 2007/04/06 12:19 a.m.30 views

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...

6.8CVSS6.9AI score0.0504EPSS
Exploits1References10
CVE
CVE
added 2007/04/06 12:0 a.m.80 views

CVE-2007-1878

CVE-2007-1878 describes a Cross-zone scripting weakness in the DOM templates (domplates) used by Firebug’s console.log in Firefox, allowing remote execution by bypassing zone restrictions and reading file:// URIs via the runFile path, due to lack of HTML escaping in the property name. It affects ...

6.8CVSS6.9AI score0.0504EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2007/02/04 12:28 a.m.20 views

CVE-2007-0706

Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...

7.5CVSS6.4AI score0.01427EPSS
Exploits0References3
CVE
CVE
added 2007/02/04 12:0 a.m.45 views

CVE-2007-0705

CVE-2007-0705 affects Sleipnir 2.49 and earlier and Portable Sleipnir 2.45 and earlier. The vulnerability arises from RSS data handling in Sleipnir’s RSS bar, allowing a cross-zone scripting attack that bypasses Web content zone restrictions and could cause arbitrary script execution in an inappr...

7.5CVSS6.4AI score0.01688EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2007/02/04 12:0 a.m.25 views

CVE-2007-0706

Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...

6.4AI score0.01427EPSS
Exploits0References3
CVE
CVE
added 2007/02/04 12:0 a.m.55 views

CVE-2007-0706

Cross-zone scripting vulnerability (CVE-2007-0706) affects Darksky RSS bar for Internet Explorer < 1.29, Sleipnir RSS bar < 1.29, and unDonut RSS bar

7.5CVSS6.4AI score0.01427EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/02/04 12:0 a.m.23 views

CVE-2007-0705

Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information...

6.4AI score0.01688EPSS
Exploits0References6
securityvulns
securityvulns
added 2007/01/21 12:0 a.m.55 views

MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Summary A month ago, a vulnerability in QuickTime was exploited to spread a worm in MySpace. The vulnerability was first published by pdp. In his article, pdp describes how HREFTrack attribute in .mov files can be used for malicious scripting. The MySpace worm abused this vulnerability in a...

7.4AI score
Exploits0
CERT
CERT
added 2007/01/12 12:0 a.m.34 views

Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...

6.8CVSS5.7AI score0.05638EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2007/01/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2006-4704

Cross-zone scripting vulnerability in the WMI Object Broker WMIScriptUtils.WMIObjectBroker2 ActiveX control WmiScriptUtils.dll in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI...

6.8CVSS6.2AI score0.42846EPSS
Exploits6References1
NVD
NVD
added 2007/01/05 12:28 a.m.23 views

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.8CVSS6.7AI score0.05638EPSS
Exploits1References6
Prion
Prion
added 2007/01/05 12:28 a.m.18 views

Cross site scripting

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.8CVSS6.9AI score0.05638EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2007/01/05 12:0 a.m.28 views

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.7AI score0.05638EPSS
Exploits1References6
CVE
CVE
added 2007/01/05 12:0 a.m.54 views

CVE-2007-0059

CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...

6.8CVSS6.7AI score0.05638EPSS
Exploits1References6Affected Software1
exploitpack
exploitpack
added 2007/01/03 12:0 a.m.14 views

Apple QuickTime 7.1.3 - HREFTrack Cross-Zone Scripting

Apple QuickTime 7.1.3 - HREFTrack Cross-Zone Scripting !/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can ...

7AI score
Exploits0
0day.today
0day.today
added 2007/01/03 12:0 a.m.22 views

Apple Quicktime <= 7.1.3 (HREFTrack) Cross-Zone Scripting Exploit

Exploit for macOS platform in category remote exploits ================================================================= Apple Quicktime Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/01/03 12:0 a.m.42 views

Apple QuickTime 7.1.3 - &#039;HREFTrack&#039; Cross-Zone Scripting

!/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can be modified but it's not recommended. Adjust as...

7.4AI score
Exploits0
Rows per page
Query Builder