632 matches found

seebug.org
added 2008/11/21 12:0 a.m., 14 views

vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit

No description provided by source. Author = Mx; Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm; Software = vBulletin; Addon = Visitor Messages; Version = 3.7.3; Attack = XSS/XSRF; Description = A critical vulnerability exists in the new vBulletin 3.7.3 softwa...

7.1 AI score
Exploits: 0

0day.today
added 2008/11/20 12:0 a.m., 23 views

vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit

Exploit for unknown platform in category web applications. vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit. Author = Mx; Title = vBulletin 3.7.3...

7.1 AI score
Exploits: 0

securityvulns
added 2008/11/14 12:0 a.m., 82 views

Mozilla Foundation Security Advisory 2008-56

Mozilla Foundation Security Advisory 2008-56 Title: nsXMLHttpRequest::NotifyEventListeners same-origin violation Impact: High Announced: November 12, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Thunderbird 2.0.0.18 SeaMonkey 1.1.13...

7.5 CVSS, 0.6 AI score, 0.13446 EPSS
Exploits: 0

Packet Storm
added 2008/10/01 12:0 a.m., 31 views

webshell431-xssxsrf.txt

http://www.lowsec.org ...

7.4 AI score
Exploits: 0

securityvulns
added 2008/08/04 12:0 a.m., 59 views

Pligg Auto-Voter Using XSS to Bypass CSRF Protection

Explanation: Pligg suffers from a reflective Cross Site Scripting vulnerability in index.php, for the $_GET['category'] variable. Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any Pligg article of the attacker's choosing. I took inspiration from the Myspac...

1.2 AI score
Exploits: 0

Prion
added 2008/07/07 11:41 p.m., 20 views

Cross site scripting

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the...

4.3 CVSS, 5.6 AI score, 0.02008 EPSS
Exploits: 1, References: 48, Affected Software: 2

Cvelist
added 2008/07/07 11:0 p.m., 23 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the...

5.8 AI score, 0.02008 EPSS
Exploits: 1, References: 48

UbuntuCve
added 2008/07/07 12:0 a.m., 23 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the...

4.3 CVSS, 5.8 AI score, 0.02008 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2008/07/02 12:48 p.m., 1 views

Firefox XSS attacks

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the...

4.3 CVSS, 5.6 AI score, 0.02008 EPSS
Exploits: 1, References: 4

Exploit DB
added 2008/04/07 12:0 a.m., 20 views

Microsoft Internet Explorer 7 - Header Handling 'res://' Information Disclosure

source: https://www.securityfocus.com/bid/28667/info Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks. This issue...

7 AI score
Exploits: 0

Prion
added 2008/03/28 11:44 p.m., 23 views

Design/Logic Flaw

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

7.1 CVSS, 6.6 AI score, 0.51206 EPSS
Exploits: 0, References: 12, Affected Software: 1

Prion
added 2008/03/28 11:44 p.m., 12 views

Cross site request forgery (csrf)

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...

4.3 CVSS, 7 AI score, 0.24205 EPSS
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2008/03/28 11:44 p.m., 18 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

7.1 CVSS, 6.2 AI score, 0.51206 EPSS
Exploits: 0, References: 12

NVD
added 2008/03/28 11:44 p.m., 13 views

CVE-2008-1545

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...

4.3 CVSS, 6.5 AI score, 0.24205 EPSS
Exploits: 1, References: 6

CVE
added 2008/03/28 11:0 p.m., 40 views

CVE-2005-4874

The vulnerability CVE-2005-4874 affects the XMLHttpRequest object in Mozilla 1.7.8, where the HTTP TRACE method can be abused to disclose credentials. Specifically, an attacker can obtain (1) proxy authentication passwords via a request with Max-Forwards: 0 and (2) arbitrary local passwords on th...

4.3 CVSS, 6.8 AI score, 0.00094 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2008/03/28 11:0 p.m., 91 views

CVE-2008-1544

CVE-2008-1544 relates to Internet Explorer (IE) 5.01/6/7 where setRequestHeader can bypass header-safety checks, enabling HTTP request splitting/smuggling, host/Referer manipulation, and potential same-origin policy bypass. Microsoft’s connected documentation confirms a fix via MS08-031 (Cumulati...

7.1 CVSS, 6.1 AI score, 0.51206 EPSS
Exploits: 0, References: 12, Affected Software: 1

CVE
added 2008/03/28 11:0 p.m., 60 views

CVE-2008-1545

In this CVE, the affected component is the XMLHttpRequest.setRequestHeader implementation in Microsoft Internet Explorer 7. The issue arises because the method does not restrict the dangerous Transfer-Encoding HTTP header, enabling remote attackers to perform HTTP request splitting and HTTP reque...

4.3 CVSS, 6.5 AI score, 0.24205 EPSS
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2008/03/28 11:0 p.m., 26 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

6.2 AI score, 0.51206 EPSS
Exploits: 0, References: 12

Cvelist
added 2008/03/28 11:0 p.m., 19 views

CVE-2008-1545

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...

6.5 AI score, 0.24205 EPSS
Exploits: 1, References: 6

Cvelist
added 2008/03/28 11:0 p.m., 25 views

CVE-2005-4874

The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...

6.8 AI score, 0.00094 EPSS
Exploits: 1, References: 3