Apache OFBiz - Admin Creator

Apache OFBiz - Admin Creator / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...

Apache OFBiz - Admin Creator

/ Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes = document.getElementsByClassName'fieldWidth300'; for var i=0;...

Microsoft Windows ShellExecute()输入验证漏洞（MS10-002/MS10-007）

BUGTRAQ ID: 37884 CVE ID: CVE-2010-0027 Microsoft Windows是微软发布的非常流行的操作系统。 IE浏览器等应用使用ShellExecute API函数处理文件。由于没有正确的对数据流执行验证，用户受骗跟随了恶意URL就可能导致绕过安全过滤执行本地系统上的二进制程序。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows 2000SP4 厂商补丁： Microsoft ---------...

CVE-2010-0656

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...

Design/Logic Flaw

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...

CVE-2010-0656

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted...

Microsoft Internet Explorer 8 - URI Validation Remote Code Execution

source: https://www.securityfocus.com/bid/37884/info Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application an...

KDE XMLHttpRequest安全绕过和kioslave输入验证漏洞

KDE是一款UNIX工下开源图形桌面环境。 KDE存在多个安全漏洞，具体如下： Ark输入过滤错误： KDE归档工具，由于不充分的校验可导致特殊构建的归档文件，使用未知的MIME类型，当使用KHTML实例渲染时，可触发不可控的XMLHTTPRequests给远程站点。 IO Slaves输入过滤错误： KDE协议处理器执行不充分的输入校验，攻击者可以构建恶意URI可触发JavaScript执行，另外'help://'协议处理器存在目录遍历攻击。不过注意此问题的恶意URI不能嵌入在Internet域内容中。 KMail输入过滤错误：...

SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5890)

The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an...

SuSE9 Security Update : Epiphany (YOU Patch Number 12326)

The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-401)

The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...