15 matches found
Hiro: Weak crossdomain.xml
The e-mail list management service used by Blockstack operated by MailChimp has a lenient cross-domain flash policy -- this is not a vulnerability, however, the crossdomain.xml used by the mailing service is more lenient than used by normal web services...
Socusoft: XSS in HTML Content Generated by Flash Slideshow Maker (All Versions)
The vulnerability identified does not exist within the software application itself, instead, the vulnerability presents itself within the application's exported files which end up hosted on an external web-server. Socusoft's Flash Slideshow Maker application has two configuration themes associate...
Flash Slideshow Maker Professional XSS / Content Forgery / Redirect
================================================================================= | | | | | | | | | | | |/' | / / / / | ' | /| | ' \ \ / | '| \ \ \ /\ / / | | | \ |/ / | | | | |./ / | | ./ /\ V V / || ||/|| || ||/ || / // C O N T A C T : Twitter: @ret2eax Email: [email protected] Blog:...
Mobile Vikings: Insecure crossdomain.xml
Hi, https://mobilevikings.be/crossdomain.xml contains the following xml file: This will make any one able to receive content from https://mobilevikings.be/. More information about this issue is available here: http://gursevkalra.blogspot.nl/2013/08/bypassing-same-origin-policy-with-flash.html Bes...
123 flashchat 7.8 - Multiple Vulnerabilities
No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...
phpwind配置不当可导致CSRF发帖
简要描述: phpwind配置不当可导致CSRF发帖 详细说明: crossdomain.xml的默认设置: - 虽然有建议 但是普通站长谁没事改这个啊,还不如你们在安装时直接根据host重写下crossdomain.xml得了。 先取到csrf的token function gethash function getformhashtxt txt = txt.split'csrftoken" value="'1.split'"'0; return txt; var resultlv:LoadVars = new LoadVars; resultlv.onData = functiontx...
Geonick Social Network Clickjacking / Credential Disclosure
GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text Time-Line Vulnerability Multiple Advisories but NOT RESPONSE Then Full Disclosure I-VULNERABILITY ------------------------- Title: GEONICK SOCIAL-NETWORK...
flash crossdomain.xml 跨站请求伪造
No description provided by source...
SAP Xcelsius - insecure crossdomain policy
Application: SAP Portal Xcelsius dashboards Vendor URL: http://www.sap.com Bugs: insecure crossdomain policy Exploits: YES Reported: 12.03.2012 Vendor response: 12.03.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 29.01.2013 Reference: SAP Security Note 1412864...
123 Flashchat Directory Traversal / Cross Site Scripting
|------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...
123 Flashchat version 7.8 Multiple Remote Vulnerabilities
Exploit for windows platform in category remote exploits ========================================================= 123 Flashchat version 7.8 Multiple Remote Vulnerabilities ========================================================= |-----------------------------------------------------------------...
123 Flashchat version 7.8 Multiple Remote Vulnerabilities
Exploit for windows platform in category remote exploits ========================================================= 123 Flashchat version 7.8 Multiple Remote Vulnerabilities ========================================================= |-----------------------------------------------------------------...
123 FlashChat 7.8 - Multiple Vulnerabilities
|------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...
123 FlashChat 7.8 - Multiple Vulnerabilities
123 FlashChat 7.8 - Multiple Vulnerabilities |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...
Ucenter Projekt 2.0 Insecure crossdomain (XSS) Vulnerability
Exploit for php platform in category web applications ============================================================ Ucenter Projekt 2.0 Insecure crossdomain XSS Vulnerability ============================================================...