Multiple Browser Javascript Dialog Origin Spoofing

Network Security News – Thursday, June 23, 2005 Events

Multiple Browser Javascript Dialog Origin Spoofing

Multiple web browsers contain a Javascript flaw that may lead to an unauthorized password exposure or other information disclosure. It is possible for a malicious web site to open a dialog box in front of a window displaying a trusted web site. It may appear that the dialog box comes from the trusted web site prompting users to enter passwords or other sensitive information, which may lead to a loss of confidentiality.. Read more at osvdb.org/17397

Ruby XMLRPC Server Unspecified Arbitrary Command Execution

Ruby's XMLRPC server module contains a flaw related to the toggling of public_instance_methods from FALSE to TRUE, that may allow an attacker to bypass security restrictions and execute arbitrary code. No further details have been provided.. Read more at osvdb.org/17407