15 matches found
EUVD-2007-4941
Malware in sbrugna...
A Second Life for the 'Do Not Track' Setting—With Teeth
In recent years, the setting has been criticized as being essentially meaningless. But it might have a crucial role to play in enforcing privacy regulations...
link.secondlife.com Open Redirect vulnerability
Vulnerable URL: http://link.secondlife.com/u.d?XYGphEFE1sytph8zYp10E=1541=762521669=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown ...
wiki.secondlife.com XSS vulnerability
Vulnerable URL: https://wiki.secondlife.com/w/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSSPOSED%27%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
Description Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. This issue occurs when handling specially crafted RTSP Response headers...
Second Life URI处理器敏感信息泄露漏洞
Second Life是一种基于网络的虚拟现实游戏。 Second Life安装的URI处理器实现机制上存在漏洞,远程攻击者可能利用此漏洞通过诱使用户访问恶意网页获取用户的敏感信息。 SecondLife注册的"secondlife://" URI处理器允许网站指定任意参数调用它,比如用于认证的"-autologin"和"-loginuri"参数,这样如果用户访问了带有恶意命令的网页,客户端会向发生命令的网页发送用户名和口令HASH,从而导致用户Second Life相关的敏感信息泄露。 Linden Research, Inc. Second Life 1.x...
CVE-2007-4960
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...
CVE-2007-4961
The logintosimulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending...
Design/Logic Flaw
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...
Authentication flaw
The logintosimulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending...
CVE-2007-4960
The CVE-2007-4960 entry concerns an argument-injection vulnerability in Linden Lab’s Second Life secondlife:// protocol handler, used by Internet Explorer (and possibly Firefox). The issue allows a remote attacker to craft a sequence consisting of a quote space ('" ') followed by -autologin and -...
CVE-2007-4960
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...
CVE-2007-4961
The CVE-2007-4961 description documents an authentication flaw in Linden Lab Second Life: the login_to_simulator method (used by the secondlife:// protocol handler) transmits an MD5 hash in cleartext in the passwd field, enabling an attacker who can sniff network traffic to login to an account by...
CVE-2007-4961
The logintosimulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending...
PT-2007-6075 · Linden · Second Life
Name of the Vulnerable Software and Affected Versions: Linden Lab Second Life affected versions not specified Description: The issue concerns the login to simulator method, which sends an MD5 hash in cleartext in the passwd field. This allows remote attackers to login to an account by sniffing th...