CVE-2005-2455

Greasemonkey before 0.3.5 allows remote web servers to 1 read arbitrary files via a GET request to a file:// URL in the GMxmlhttpRequest API function, 2 list installed scripts using GMscripts, or obtain sensitive information via 3 GMsetValue and GMgetValue...

Greasemonkey.txt

// Proof of concept exploits by Mark Pilgrim // 1 - Will disclose the contents of c:\boot.ini window.GMxmlhttpRequest = null; function trapGM03sPropertyName, sOldValue, sNewValue window.GMxmlhttpRequest = window.GMxmlhttpRequest; return sNewValue; function trapGM04sPropertyName, sOldValue,...

Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/14336/info Greasemonkey is susceptible to multiple remote information disclosure vulnerabilities. These issues are due to a design error allowing insecure JavaScript functions to be executed by remote Web sites. The specified issues exist in the...

Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities

Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/14336/info Greasemonkey is susceptible to multiple remote information disclosure vulnerabilities. These issues are due to a design error allowing insecure JavaScript functions to ...