origin software vulnerabilities
vulnerabilities.aspcode.net
Searching origin software vulnerabilities
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
Software vulnerabilities results 1 to 20 of 26