Vulnerabilities > CVE-2005-2455 - Remote Information Disclosure vulnerability in Greasemonkey 0.3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Greasemonkey 0.3.3 Multiple Remote Information Disclosure Vulnerabilities. CVE-2005-2455. Webapps exploit for cgi platform |
| id | EDB-ID:26017 |
| last seen | 2016-02-03 |
| modified | 2005-07-20 |
| published | 2005-07-20 |
| reporter | Mark Pilgrim |
| source | https://www.exploit-db.com/download/26017/ |
| title | Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities |
References
- http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html
- http://greasemonkey.mozdev.org/changes/0.3.5.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html
- http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html
- http://secunia.com/advisories/16128
- http://securitytracker.com/id?1014529
- http://www.osvdb.org/18154
- http://www.securiteam.com/securitynews/5CP0P20GBK.html
- http://www.securityfocus.com/bid/14336
- http://www.vupen.com/english/advisories/2005/1147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21453