CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...

CVE-2009-1681

Summary: CVE-2009-1681 affects WebKit in Apple Safari (and iPhone OS variants) where loading third-party content into a subframe bypasses the Same Origin Policy, enabling clickjacking. The connected documents provide detailed CVE entries and advisories, notably Debian DSA-1950-1 and openVAS/Nessu...

CVE-2009-1681

Removed by vendor...

Cumulative Security Update for Internet Explorer (969897)

This host is missing a critical security update according to Microsoft Bulletin MS09-019. OpenVAS Vulnerability Test $Id: secpodms09-019.nasl 6527 2017-07-05 05:56:34Z cfischer $ Cumulative Security Update for Internet Explorer 969897 Authors: Sharath S Updated By: Madhuri D on 2010-12-01 - To...

PT-2009-3704 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 7 for various Windows operating systems Description: The issue allows remote attackers to bypass the Same Origin Policy, potentially leading to information disclosure. This is due to the...

Cumulative Security Update for Internet Explorer (969897)

This host is missing a critical security update according to Microsoft Bulletin MS09-019. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Internet Explorer Cross Domain Document Switching (MS09-019; CVE-2007-3091)

Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a script that can create a race condition that could break the same-origin policy of Internet Explorer and re...

Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security...

Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure

Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure source: https://www.securityfocus.com/bid/35200/info Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin...

Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure

source: https://www.securityfocus.com/bid/35200/info Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a...

WebKit - 'parent/top' Cross Domain Scripting

source: https://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other...

WebKit - parenttop Cross Domain Scripting

WebKit - parenttop Cross Domain Scripting source: https://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofi...

Safari < 3.2.3 Multiple Vulnerabilities

The version of Safari installed on the remote Windows host is earlier than 3.2.3. Such versions are potentially affected by several issues : - A heap-based buffer overflow issue in the libxml library when handling long entity names could lead to a crash or arbitrary code execution. CVE-2008-3529 ...

Debian DSA-1797-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawi...

Debian: Security Advisory (DSA-1797-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1797-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 09, 2009 http://www.debian.org/security/faq -...

WebKit - JavaScript onload() Event Cross Domain Scripting

WebKit - JavaScript onload Event Cross Domain Scripting source: https://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this...

WebKit - JavaScript &#039;onload()&#039; Event Cross Domain Scripting

source: https://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtai...

Google Chrome Multilpe XSS Vulnerabilities (May 09)

The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultxssvulnmay09.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Multilpe XSS Vulnerabilities May 09 Authors: Nikita MR Copyright: Copyright c 2009 Greenbone...

Mozilla Foundation Security Advisory 2009-19

Mozilla Foundation Security Advisory 2009-19 Title: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString Impact: High Announced: April 21, 2009 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla security researcher mozbugra4...