Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability found for Creammonkey by KATO Kazuyoshi

JVNDB-2007-000824

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

() - -

Summary

GreaseKit and Creammonkey allows execution of userscript functions

Details

GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN33044255/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6640
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6640
	SECUNIA	http://secunia.com/advisories/28241
	XF	http://xforce.iss.net/xforce/xfdb/39272
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	KATO Kazuyoshi	Creammonkey
	KATO Kazuyoshi	GreaseKit

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000824.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts.\r\n\r\nGreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts.\r\nGreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000824.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sourceforge:creammonkey",
      "@product": "Creammonkey",
      "@vendor": "KATO Kazuyoshi",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sourceforge:greasekit",
      "@product": "GreaseKit",
      "@vendor": "KATO Kazuyoshi",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000824",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN33044255/index.html",
      "@id": "JVN#33044255",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6640",
      "@id": "CVE-2007-6640",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6640",
      "@id": "CVE-2007-6640",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/28241",
      "@id": "SA28241",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/39272",
      "@id": "39272",
      "@source": "XF"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "GreaseKit and Creammonkey allows execution of userscript functions"
}