845 matches found
CVE-2010-1767
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...
CVE-2010-1767
Removed by vendor...
CVE-2010-1767
The CVE-2010-1767 entry describes a Cross‑Site Request Forgery (CSRF) vulnerability in WebKit’s WebCore, specifically in loader/DocumentThreadableLoader.cpp. It affects WebKit before revision r57041 and is noted to be used in Google Chrome before 4.1.249.1059. The vulnerability allows an attacker...
Mozilla Foundation Security Advisory 2010-63
Mozilla Foundation Security Advisory 2010-63. Title: Information leak via XMLHttpRequest statusText. Impact: Low. Announced: September 7, 2010. Reporter: Matt Haggard, Nicholas Berthaume. Products: Firefox, Thunderbird, SeaMonkey. Fixed in: Firefox 3.6.9, Firefox 3.5.12, Thunderbird 3.1.3, Thunderbird 3.0...
CVE-2010-2764
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...
Cross site scripting
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...
Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63)
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...
SeaMonkey < 2.0.7 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.0.7. Such versions are potentially affected by the following security issues: - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution (MFSA 2010-49). - An integer overflow vulnerability in...
Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities
The installed version of Thunderbird 3.1 is earlier than 3.1.3. Such versions are potentially affected by the following security issues: - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution (MFSA 2010-49). - An integer overflow...
Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities
Binary data 5656.prm...
Mozilla Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities
Binary data 5657.prm...
Firefox < 3.5.12 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.5.12. Such versions are potentially affected by the following security issues: - The pseudo-random number generator is only seeded once per browsing session and 'Math.random' may be used to recover the seed value allowing the browser instance to...
Information leak via XMLHttpRequest statusText — Mozilla
Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requester even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/1.9.1.12; MFSA 2010-50 Frameset integer overflow vulnerability; MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array; MFSA 2010-52 Windows XP DLL loading vulnerability; MFSA 2010-53 Heap buffer...
CVE-2010-1760
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
CVE-2010-1760
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
Hardcoded credentials
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
CVE-2010-1760
CVE-2010-1760 affects loader/DocumentThreadableLoader.cpp in the WebKit WebCore XMLHttpRequest implementation, before r58409. The vulnerability arises because credentials are not properly handled during a cross-origin synchronous request. The description specifies an unspecified impact with poten...
LightNEasy 3.2 admin account hijacking csrf vulnerability
Exploit for PHP platform in category web applications. LightNEasy 3.2 admin account hijacking csrf vulnerability. Author: pimpim. Software Link:...
Apache OFBiz SQL Remote Execution PoC Payload
Exploit for multiple platforms in category remote exploits. Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432. By: Lucas Apa lucas -at-...