Lucene search
K

5861 matches found

CVE
CVE
added 2007/10/18 12:0 a.m.51 views

CVE-2007-5540

The provided documents confirm CVE-2007-5540 affects Opera (pre-9.24) and enables bypassing the same-origin policy when displaying frames from different sites. The root cause is described as an unspecified flaw in how Opera handles cross-domain frames, allowing remote attackers to overwrite funct...

7.5CVSS6.3AI score0.0305EPSS
Exploits1References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.25 views

Opera < 9.24 Multiple Vulnerabilities

The version of Opera installed on the remote host reportedly may allow for arbitrary code execution if it has been configured to use an external news reader or email client and a user views a specially crafted web page. In addition, it may also allow a script to bypass the same-origin policy and...

9.3CVSS6.2AI score0.04543EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.29 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)

This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content...

9.3CVSS7.2AI score0.13847EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.46 views

openSUSE 10 Security Update : seamonkey (seamonkey-3631)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

9.3CVSS7.3AI score0.13847EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.255 views

openSUSE 10 Security Update : seamonkey (seamonkey-3632)

This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such a...

9.3CVSS7.3AI score0.13847EPSS
Exploits1References8
FreeBSD
FreeBSD
added 2007/10/17 12:0 a.m.20 views

opera -- multiple vulnerabilities

An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...

6.6AI score
Exploits0References3
Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.18 views

Scripts can overwrite functions on pages from other domains

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...

3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.14 views

Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...

5.8AI score
Exploits0References1
Prion
Prion
added 2007/08/20 7:17 p.m.14 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

6.8CVSS6.2AI score0.01342EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2007/08/20 7:17 p.m.19 views

CVE-2007-4431

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

6.8CVSS6AI score0.01342EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/08/20 7:0 p.m.27 views

CVE-2007-4431

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."...

6AI score0.01342EPSS
Exploits1References5
CVE
CVE
added 2007/08/20 7:0 p.m.50 views

CVE-2007-4431

CVE-2007-4431 is a cross-domain vulnerability affecting Apple Safari for Windows 3.0.3 and earlier. The issue allows remote attackers to bypass the Same Origin Policy via a crafted body.innerHTML value, enabling potential frame hijacking from local zones to external domains. The description is su...

6.8CVSS6AI score0.01342EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2007/08/20 12:0 a.m.14 views

Apple Safari Beta同源策略冲突漏洞

Apple Safari是一款苹果公司开发的WEB浏览器。 Apple Safari Beta存在同源策略冲突问题,远程攻击者可以利用漏洞访问其他域中的敏感信息。 构建包含恶意JavaScript的WEB页,诱使用户访问,可导致访问其他域中的信息。 Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 3...

6.9AI score
Exploits0
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.32 views

XSS using addEventListener and setTimeout — Mozilla

Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...

4.3CVSS2.7AI score0.01349EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2007/07/03 10:30 a.m.26 views

CVE-2007-3514

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

8.5CVSS5.9AI score0.01327EPSS
Exploits0References2
Prion
Prion
added 2007/07/03 10:30 a.m.24 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

8.5CVSS6.1AI score0.01502EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/07/03 10:0 a.m.60 views

CVE-2007-3514

CVE-2007-3514 describes a cross-domain vulnerability in Apple Safari for Windows 3.0.2 where JavaScript that overwrites the document variable and statically assigns the document.domain to a file:// location bypasses the Same Origin Policy and allows access to restricted information from other dom...

8.5CVSS5.9AI score0.01327EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/07/03 10:0 a.m.31 views

CVE-2007-3514

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

5.9AI score0.01327EPSS
Exploits0References2
Prion
Prion
added 2007/06/28 6:30 p.m.20 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...

7.8CVSS6.1AI score0.01502EPSS
Exploits0References3
NVD
NVD
added 2007/06/28 6:30 p.m.23 views

CVE-2007-3481

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue...

5CVSS6.3AI score0.1585EPSS
Exploits0References3
Rows per page
Query Builder