94 matches found
Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
WordPress Curtain 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Description Several...
Vulnerability of software programs with DOM functions to bypass CAPTCHA; ReCaptcha solvers that allow hackers to gain full control over the browser.
The vulnerability of DOM-based software for bypassing CAPTCHA systems is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a hacker to gain full control over the browser...
ReCaptcha Solver 跨站脚本漏洞
ReCaptcha Solver is a Google application plugin for automated validation of Google ReCaptcha V2. A cross-site scripting vulnerability exists in ReCaptcha Solver version 5.7, which stems from a response in setCaptchaCode being inserted into the DOM as HTML, giving full control over the user's...
CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
Xxe
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
Micro Focus Verastream Host Integrator 代码问题漏洞
Micro Focus Verastream Host Integrator is an asset management platform from Micro Focus UK. The platform supports the management of servers, web applications, and other assets. A security vulnerability exists in Micro Focus Verastream Host Integrator 7.8 Update 1 and prior versions that could all...
Multi Manage the screen of the target meterpreter session
This module allows you to view and control the screen of the target computer via a local browser window. The module continually screenshots the target screen and also relays all mouse and keyboard events to session. This module requires Metasploit: https://metasploit.com/download Current source:...
TomTom: Reflected Cross Site Scripting vuln in tomtom.com
Hello Tomtom security team I found a reflected cross site scripting security vulnerability in tomtom.com https://www.tomtom.com/nlnl/search/?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirmdocument.domain%3E This payload when loaded displays the domain the XSS vulnerability occurs in www.tomtom.c...
LanSweeper 6.0.100.75 - Cross-Site Scripting
LanSweeper 6.0.100.75 - Cross-Site Scripting LanSweeper - Cross Site Scripting and HTMLi Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted, patch available Author: Miguel Mendez Z Vendor Homepage: http://www.lansweeper.com Version: 6.0.100.75 CVE: CVE-2017-16841...
LanSweeper 6.0.100.75 - Cross-Site Scripting
LanSweeper - Cross Site Scripting and HTMLi Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted, patch available Author: Miguel Mendez Z Vendor Homepage: http://www.lansweeper.com Version: 6.0.100.75 CVE: CVE-2017-16841 Vulnerability description -------------------------...
Using ILSpy to analyze a small adware file
My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called grandfather.exe, so I went out to grab a copy and have a look at it. As you can probably tell from some of the detection names at Virustotal, this is a MSIL...
MSRT September 2016 release feature: Prifou
As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool MSRT release this September includes detections for: BrowserModifier:Win32/Prifou TrojanClicker:Win32/NightClick Trojan:Win32/Suweezy Trojan:Win32/Xadupi This blog discusses...
WordPress AdPlugg Plugin <= 1.1.33 - Stored Cross Site Scripting
Because of this vulnerability, attackers can hijack other users session, take control of another administrator's browser or install malware on their computer. Solution Upgrade the plugin...
Online Ad Networks Leverages to Launch Javascript Attacks
LAS VEGAS – Researchers have figured out how to leverage the reach of online advertising networks to distribute javascript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing underlying webservers or distributing malware on a massive scale for pennies on t...
FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |=
=| Security Advisory - TP-LINK TL-WR841N XSS Cross Site Scripting |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n and Below Discovered Date: 17/11/2012 Author: Matan Azugi [email protected] Product Vendor:...
Microsoft .NET Framework / Silverlight类继承限制漏洞(MS11-078)
CVE ID: CVE-2011-1508 .NET Framework是用于Windows的新托管代码编程模型,用于构建具有视觉上引人注目的用户体验的应用程序,实现跨技术边界的无缝通信,并且能支持各种业务流程。Silverlight 是一种新的 Web 呈现技术,能在各种平台上运行。 Microsoft .NET Framework和Microsoft Silverlight在类继承的实现上存在安全漏洞,恶意用户可通过特制的网页利用此漏洞控制用户系统。要成功利用,需要浏览器可以运行XBAPs或Silverlight应用程序。 Microsoft .NET Framework 4.x...
Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery HTML Injection
Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/48711/info The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities. An attacker can exploit the cross-si...