EUVD-2015-1425

Malware in sbrugna...

EUVD-2000-0265

Malware in sbrugna...

SUSE CVE-2008-4195

Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script...

CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if %01 is appended to an arbitrary...

CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories

Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories OPCOM Team | June 11, 2008 Severity: Less Severe Problem Description: Pages from different sources held on the same parent page should not be able to modify the locatio...

security flaw

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords...

Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames

Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...

EUVD-2002-0775

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method

Georgi Guninski security advisory 20, 2000 IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method Systems affected: IE 5.5/Win98. Probably other versions - have not tested. Risk: High Date: 4 September 2000 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski...

CVE-2000-0503

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...

ie-iframe.txt

Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...

CVE-2000-0503

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...

CVE-2000-0465

Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability...

CVE-2000-0266

The CVE-2000-0266 entry describes a vulnerability in Internet Explorer 5.01 where a malicious applet can bypass the cross-frame security policy by interacting with the Java JSObject to modify DOM properties, allowing an IFRAME to load an arbitrary JavaScript URL. This reveals a client-side cross-...

IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)

Georgi Guninski security advisory 10, 2000 IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript and disabling Active Scripting is not that easy Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...

CVE-2000-0266

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...

CVE-2000-0028

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function...

ie5.cross-frame.txt

Georgi Guninski security advisory 4, 2000 IE 5 security vulnerablity - circumventing Cross-frame security policy and accessing the DOM of "old" documents. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies,...