6 results (0.004 seconds)

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar v1.0.0.5 y anteriores para Chrome y Safari, permiten a usuarios remotos modificar la URL de búsqueda configurada e interceptar termindos de búsqueda a través de una página web modificada. • http://jvn.jp/en/jp/JVN51769987/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 1

The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. El diálogo Instalador de Botón Personalizado (Custom Button Installer) en Google Toolbar 4 y 5 beta presenta determinados nombres de dominio en las secciones (1) "Descargado desde" (Downloaded from) y (2) "Consideraciones de privacidad" (Privacy considerations) sin verificar los nombres de dominio, lo cual facilita a los atacantes falsificar nombres de dominio y engañar a los usuarios para que instalen archivos XML de botones maliciosos, como se ha demostrado presentando www.google.com cuando el botón se descargó de un sitio arbitrario a través de un redirector abierto en www.google.com. • http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx http://secunia.com/advisories/28166 http://securityreason.com/securityalert/3491 http://www.osvdb.org/39499 http://www.securityfocus.com/archive/1/485288/100/0/threaded http://www.securityfocus.com/bid/26923 https://exchange.xforce.ibmcloud.com/vulnerabilities/39164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 3%CPEs: 18EXPL: 4

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. • https://www.exploit-db.com/exploits/24607 http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html http://securitytracker.com/id?1011351 http://www.osvdb.org/10037 http://www.securityfocus.com/bid/11210 https://exchange.xforce.ibmcloud.com/vulnerabilities/17435 •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 2

The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. La barra de herramientas de Google 1.1.58 y versiones anteriores, permite a sitios web remotos supervisar la entrada de un usuario en la barra de herramientas mediante un manejador de eventos 'onkeydown'. • http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html http://online.securityfocus.com/archive/1/286527 http://sec.greymagic.com/adv/gm001-mc http://toolbar.google.com/whatsnew.php3 http://www.securityfocus.com/bid/5426 https://exchange.xforce.ibmcloud.com/vulnerabilities/10054 •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 2

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. La barra de herramientas de Google 1.1.58 y versiones anteriores, permite a sitios web remotos realizar operaciones no autorizadas de la barra de herramientas, incluidas la ejecución de rutinas y la lectura de ficheros en otras zonas como 'My Computer' abriendo una ventana a tools.google.com o el protocolo res:, y a continuación utilizando rutinas para modificar la ubicación de la ventana a la de la URL de configuración de la barra de herramientas, con lo que se elude la verificación original. • http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html http://online.securityfocus.com/archive/1/286527 http://sec.greymagic.com/adv/gm001-mc http://www.securityfocus.com/bid/5424 •