92 matches found
EUVD-2007-1941
Malware in sbrugna...
EUVD-2007-1872
Malware in sbrugna...
SUSE CVE-2010-3773
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. It was found that the fix for CVE-2010-0179 was incomplete when the Firebug add-on was used. If a user visited a website containing malicious JavaScript while the Firebug add-on was enabled, it could cause Firefox to execute arbitrary JavaScript...
Privilege Escalation
firefox is vulnerable to privilege escalation. The vulnerability exists when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firef...
Hikvision a network camera to the anonymous user to bypass the login permissions-bug warning-the black bar safety net
Network Camera firmware internal for the convenience of visitors to access, curing an anonymous account, which in most cases is disabled, but can be a base64 hard-coded way to create a cookie to bypass the login permissions review. User: anonymous Password:\1 7 7\1 7 7\1 7 7\1 7 7\1 7 7\1 7 7 !...
KesionCMS存储型跨站(可打管理员)
简要描述: KesionCMS存在存储型跨站,触发概率很大,可打管理员。 详细说明: KesionCMS X1.0.141014存在存储型跨站,利用此漏洞,我们可以攻击任意用户和管理员,获取任意用户和管理员cookie信息,或进行其它恶意攻击。 漏洞证明: 1、登录系统--》会员中心--》文章--》发布,在文章内容处插入flash文件。 2、发布文章时,拦截请求,将allowscriptaccess的属性值改为always 3、其它用户浏览发布的文章时,漏洞触发: 4、使用Firebug查看页面源代码,允许执行swf文件内的as代码:...
Firebug 1.03 Rep.JS Script Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23349/info Firebug is prone to a script-code-injection vulnerability because it fails to adequately escape user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the context of the...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)
MozillaFirefox was updated to version 8 bnc728520 to fix the following security issues : dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA...
Taobao decoration can reference external js file-bug warning-the black bar safety net
Taobao decoration page for the js filter is not strict you can use user reference to an external js file, you can obtain other Taobao user cookies, modify your own shop reviews, baby sell number and the like. In Taobao decoration page that has a background image uploaded, as long as firebug for...
FineCMS存储型XSS(可打指定用户)
简要描述: 我来了,还是无耻的我 还是富文本过滤过滤 详细说明: 短消息功能存在存储型XSS漏洞,已经在官方复现。 1.给受害者发送短消息,在短消息中先插入百度地图: 2.插入地图成功后,通过firebug对这段HTML代码进行修改。修改完成后会是这样: PS:貌似过滤了alert,所以用eval重新拼接了一下。 漏洞证明: 受害者收到攻击者的短消息: 当受害者打开短消息时,攻击者植入的恶意脚本将自动触发: 虽然没有演示受害者cookies窃取(因为累了),但是100%可以的。...
phpok存储型跨站
简要描述: phpok4.0.515过滤不严格,导致存储型跨站产生,利用此漏洞我们可以盗取用户cookie包括管理员、钓鱼,修改用户信息等等。 详细说明: phpok4.0.515在产品展示模块的商品评论处没有对用户评论进行过滤,导致存储型XSS漏洞。 漏洞证明: 官方下载地址:http://www.phpok.com/phpok.html 测试浏览器:测试浏览器:IE10、Firefox29.0.1、Chrome33.0.1750.149 m 1、在用户评论处输入以下内容, 2、其他用户查看商品信息时或用户评论时,漏洞触发 3、管理员登录系统,审核用户评论时,漏洞触发...
11 Firefox Add-ons to Hack and PenTest
1. Tamper Data Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XS...
Oracle Linux 5 / 6 : firefox (ELSA-2010-0966)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0966 advisory. firefox: 3.6.13-1.0.1.el60 - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js bugz 11762 3.6.13-2 - Update to 3.6....
Readily remember arbitrary file upload flaws and fixes-vulnerability warning-the black bar safety net
Heard readily lend good make, registration number ready to buy a membership first try Pass avatar when the first-mover can now select all of the files, selected a qq. exe, point to upload, the bottom right corner traffic moving, Tip: incorrect format, open firebug, and then upload the returned fi...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,...
Scientific Linux Security Update : firefox on SL5.x i386/x86_64
Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. CVE-2010-0175, CVE-2010-0176, CVE-2010-0177 A flaw was found in Firefox that could allow an applet...
USN-1254-1: Thunderbird vulnerabilities
It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the...
SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429)
Mozilla Firefox has been updated to version 1.9.2.24 bnc728520 to fix the following security issues : - bmo680880 loadSubScript unwraps XPCNativeWrapper scope parameter. MFSA 2011-46 / CVE-2011-3647 - bmo690225 Potential XSS against sites using Shift-JIS. MFSA 2011-47 / CVE-2011-3648 - bmo674776...
Seamonkey update (critical)
Seamonkey was upgraded to version 2.5 in order to fix the following security problems: MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards MFSA 2011-49/CVE-2011-3650 bmo674776...