Vulnerabilities > CVE-2005-2455 - Unspecified vulnerability in Greasemonkey 0.3.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN greasemonkey
exploit available
Summary
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Greasemonkey 0.3.3 Multiple Remote Information Disclosure Vulnerabilities. CVE-2005-2455. Webapps exploit for cgi platform |
id | EDB-ID:26017 |
last seen | 2016-02-03 |
modified | 2005-07-20 |
published | 2005-07-20 |
reporter | Mark Pilgrim |
source | https://www.exploit-db.com/download/26017/ |
title | Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities |
References
- http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html
- http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html
- http://greasemonkey.mozdev.org/changes/0.3.5.html
- http://greasemonkey.mozdev.org/changes/0.3.5.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html
- http://secunia.com/advisories/16128
- http://secunia.com/advisories/16128
- http://securitytracker.com/id?1014529
- http://securitytracker.com/id?1014529
- http://www.osvdb.org/18154
- http://www.osvdb.org/18154
- http://www.securiteam.com/securitynews/5CP0P20GBK.html
- http://www.securiteam.com/securitynews/5CP0P20GBK.html
- http://www.securityfocus.com/bid/14336
- http://www.securityfocus.com/bid/14336
- http://www.vupen.com/english/advisories/2005/1147
- http://www.vupen.com/english/advisories/2005/1147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21453
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21453