4 matches found
Design/Logic Flaw
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the 1 GMaddStyle, 2 GMlog, 3 GMopenInTab, 4 GMsetValue, 5 GMgetValue, o...
CVE-2007-6640
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the 1 GMaddStyle, 2 GMlog, 3 GMopenInTab, 4 GMsetValue, 5 GMgetValue, o...
CVE-2007-6640
Creammonkey (0.9–1.1) and GreaseKit (1.2–1.3) expose dangerous user-scripting APIs (GM_addStyle, GM_log, GM_openInTab, GM_setValue, GM_getValue, GM_xmlhttpRequest) to web pages, allowing a remote attacker to read/modify configuration or trigger HTTP requests from a page hosting a userscript. The ...
JVN#33044255 GreaseKit and Creammonkey allows execution of userscript functions
GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page. Impact When a user views a specially crafted web...