16 matches found
EUVD-2012-5510
Malware in sbrugna...
EUVD-2013-2864
Malware in sbrugna...
U.S. Dept Of Defense: [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action
I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate of the above described report. Why?...
Cross site scripting
On D-Link DIR-620 devices with a certain ISP-customized variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missing filtering of special characters in the "Search" field and incorrect processing of t...
CVE-2018-6212
On D-Link DIR-620 devices with a certain ISP-customized variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missing filtering of special characters in the "Search" field and incorrect processing of t...
CVE-2015-2733
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...
Design/Logic Flaw
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...
CVE-2015-2733
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...
CVE-2015-2722
CVE-2015-2722 affects Mozilla Firefox before 39.0 and Firefox ESR before 31.8 (and 38.x before 38.1). Root cause: a use-after-free in CanonicalizeXPCOMParticipant when an XMLHttpRequest is attached to a shared or dedicated worker. Impact: remote attacker could execute arbitrary code. Mitigation: ...
CVE-2015-2722
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...
CVE-2012-5624
CVE-2012-5624 affects Qt 4.x where the XMLHttpRequest implementation could be redirected from http to the file: URL scheme, enabling a man‑in‑the‑middle attacker to trigger reads of local files in a QML application. The root cause is improper handling of redirects in XMLHttpRequest, allowing acce...
CVE-2012-2868
Removed by vendor...
Technical Note by Amit Klein: "XST Strikes Back"
Technical note: XST Strikes Back (or perhaps "Return from the Proxy"...). Amit Klein, January 2006. Introduction: About three years ago, the concept of "Cross Site Tracing" [1] was introduced to the web application security community. In essence, the classic XST is about amplifying an existi...
CVE-2005-4827
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the...
Opera 8 multiple security vulnerabilities
Cross-site scripting on message generation if automatic redirection is disabled. javascript: cross-site scripting. XMLHttpRequest object cross-site access. Download dialog spoofing. Cross-site scripting on image dragging...
XMLHttpRequest Object security bypass in Opera Web Browser
Overview: The Opera Web Browser fails to properly enforce security restrictions on the XMLHttpRequest Object. This may allow a remote, unauthenticated attacker to insert content from potentially malicious web sites. Description: The XMLHttpRequest Object is a scripting object that provides routines...