CVE-2011-3670

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...

Apache httpOnly Cookie Disclosure(CVE-2012-0053)

No description provided by source. // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i 819;...

Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...

Overly permissive IPv6 literal syntax — Mozilla

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made...

Apache httpOnly Cookie Disclosure

Exploit for multiple platform in category remote exploits // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = "...

Apache - httpOnly Cookie Disclosure

Apache - httpOnly Cookie Disclosure // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i...

Apache protocol.c Cookie Disclosure

// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...

DEDECMS recent xss 0day pass to kill all versions-bug warning-the black bar safety net

Vulnerability cause: due to Editor filter is not strict, will cause the malicious script to run. Can getshell Currently only tested on 5. 3 to 5. 7 version. Other earlier everyone is free to play. Here to talk about the use of the method. Condition 2: The 1. Open registration 2. Open submission...

WordPress Plugin Bannerize 2.8.6 - SQL Injection

WordPress Plugin Bannerize 2.8.6 - SQL Injection Exploit Title: WordPress WP Bannerize plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0-- " -H "X-Requested-With:XMLHttpRequest" http://www.site.com/wp-content/plugins/wp-bannerize/ajaxclickcounter.php --------------- Vulnerable code...

CentOS Update for firefox CESA-2010:0681 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

ajax cross-site exploits, and prevention-vulnerability and early warning-the black bar safety net

by lonely To talk about cross-site attack prevention:in ASP you can use:HTMLEncode function to prevent,while in PHP you can use htmlspecialchars; in ASP. NET can be used:HTMLEncode;the so-called Cross-Station that is due to the Web application the filter is not strict,resulting in the reception b...

CVE-2010-3773

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

CVE-2010-3773

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

CVE-2010-1767

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

CVE-2010-1767

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

CVE-2010-1767

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

CVE-2010-1767

The CVE-2010-1767 entry describes a Cross‑Site Request Forgery (CSRF) vulnerability in WebKit’s WebCore, specifically in loader/DocumentThreadableLoader.cpp. It affects WebKit before revision r57041 and is noted to be used in Google Chrome before 4.1.249.1059. The vulnerability allows an attacker...

Mozilla Foundation Security Advisory 2010-63

Mozilla Foundation Security Advisory 2010-63 Title: Information leak via XMLHttpRequest statusText Impact: Low Announced: September 7, 2010 Reporter: Matt Haggard, Nicholas Berthaume Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0...

CVE-2010-2764

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...

Cross site scripting

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...