357 matches found
NASA.gov Cross Site Scripting
Exploit Title: NASA.gov main-domain DOM-XSS Date: 01/04/2015 Author: Yann CAM - Georges TAUPIN @ Synetis - ASafety Vendor or Software Link: www.nasa.gov Version: / Category: DOM-XSS Google dork: Tested on: NASA.gov main-domain NASA description :...
XSScrapy - Fast, thorough XSS vulnerability spider
Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test Referer header way more common than I thought it would be! User-Agent header Cookie header added 8/24/14 Forms, both hidden and explicit URL...
Google Chrome 36.0 XSS Auditor Bypass
Vulnerability: Google Chrome 36.0 XSS Auditor Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rhainfosec.com version: Latest Description Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the...
Multiple Themes - PrettyPhoto DOM XSS
...
IronWASP 2014 - One of the world's best web security scannners
Find security issues on your website automatically using IronWASP, one of the world's best web security scannners. Here's what is new: 1 Login recording Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial. 2 Automatically...
vBulletin 5.1 Cross Site Scripting
Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities Authors: Romanian Security Team Website: https://rstforums.com/forum/ Date published: 19 April 2014 Software: vBulletin Version: 5.1.1 Alpha 9 XSS Random topic -...
[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...
DOM XSS in dhtmlHistory.js when using IE
In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...
DOM XSS in dhtmlHistory.js when using IE
In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...
'self' xss reported in a question's moderate
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...
'self' xss reported in a question's moderate
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...
dom_xss
This plugin greps every page for traces of DOM XSS. An interesting paper about DOM XSS can be found here: http://www.webappsec.org/projects/articles/071105.shtml Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the...
Mandriva Linux Security Advisory : couchdb (MDVSA-2013:067)
Updated couchdb packages fix security vulnerabilities : A security flaw was found in the way Apache CouchDB, a distributed,fault- tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a speciall...
easyXDM Library Cross Site Scripting
Affected products ================= easyXDM library 2.4.19 - http://easyxdm.net/wp/ easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API's across...
GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution
!/usr/bin/python ''' Exploit Title: XSS & LFI RCE Vulnerabilities in GWebmail Date: 11/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: https://www.gwebmail.net Software Link: https://www.gwebmail.net/download/ Version: 0.7.3 Gr33Tz: @aviadgolan , @benhayak, @nirgoldshlager,...
Cross site scripting
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted HTML document...
百度空间hi.baidu creatbgmusic() Dom-Xss Bug
百度空间的Javascript Dom函数creatbgmusic在输出变量bgmusic没有进行过滤,导致可以通过initBlogTextForFCK函数构造容易HTML代码,最终导致xss漏洞 在http://hi.baidu.com//js/bgmusic.js?v=1.0.js 代码: function creatbgmusicmurl, musicnum, IsMusicHide, IsMusicLoop, IsMusicAutoPlay, unknow, functype //传入的murl赋值到bgmusic1和bgmusic2中 //可以通过构造类似代码来闭合标签如 "i...