44 matches found
HackerOne: Stored XSS in IE11 on hackerone.com via custom fields
Hi there, I found stored XSS via Custom Fields. F1275694 F1275691 POC: F1275692 Impact: The attacker can use this issue to execute malicious script code in the victim user's browser and also redirect the victim user to malicious sites...
Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
Revive Adserver Security Advisory REVIVE-SA-2021-001 https://www.revive-adserver.com/security/revive-sa-2021-001...
New Relic: Site-wide clickjacking at IE11
Hey team, I have discovered that the protection you use for clickjacking prevention is a CSP with frame-ancestors directive. But IE11 doesn't support this directive so your customers using this browser can be attacked. The market share of IE11 is about 2.5% now and it's higher than, for example,...
Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net
A type confusion vulnerability generally means that data of type A is parsed and referenced as data of type B, which may lead to illegal data access and thus arbitrary code execution. This article analyzes examples of IE type confusion vulnerabilities and Word type confusion vulnerabilities,...
November 8, 2016 — KB3198585 (OS Build 10240.17190)
November 8, 2016 — KB3198585 (OS Build 10240.17190). This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Addressed issue to update the Access Point Name (APN) database. Addressed issue with deadlocks...
GitLab: Stored XSS on Issue details page
Summary: The detail page of Issue (the page that provides the content of an Issue) is vulnerable to Stored XSS. Description: The two exploits are via the function of submitting an issue or the function of editing an issue. This vulnerability is reproduced in Firefox and Chrome. IE11 and Edge are not. ...
Internet Explorer - RegExp.lastMatch Memory Disclosure
Internet Explorer - RegExp.lastMatch Memory Disclosure / There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. PoC: ========================================= / functio...
Advantech WebAccess 8.3.0 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
Advantech WebAccess 8.3.0 - Remote Code Execution
Advantech WebAccess 8.3.0 - Remote Code Execution Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
Advantech WebAccess 8.3.0 - Remote Code Execution
Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10 Technical Details: ================== The VBWinExec...
Advantech WebAccess Node 8.3.0 DLL Hijacking
Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10 Technical Details: ================== The VBWinExec...
Design/Logic Flaw
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...
CVE-2017-14803
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...
Microsoft IE11: use-after-free in jscript!JsErrorToString(CVE-2017-11810)
There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8 and back. However, IE11 can still load it if put into IE8 compatibility mode and if there is a script tag that can only be understood by the older library...
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free
Microsoft IE11: use-after-free in jscript!JsErrorToString CVE-2017-11810 There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8 and back. However, IE11 can still load it if put into IE8 compatibility mode and ...
Windows Attachment Manager Incorrect High Risk JAR Handling Vulnerability
The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11. Scenario: The Windows Attachment Manager does not correctly handle JAR files marked as "high risk" when accessed via Internet Explorer 11. This leads to direct execution ...
Avito: CSS injection in avito.ru via IE11
Hi Team Security @avito, I discovered CSS Injection on avito.ru in form search via IE11. Description: CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...
Starbucks: DOM-based XSS in store.starbucks.co.uk on IE 11
We've found DOM XSS on store.starbucks.co.uk and other related domains such as store.starbucks.fr and store.starbucks.ca. It appears to be a JQuery based DOM XSS in the parseHTML sink. In order to trigger the XSS you need to use IE11 and the PoC will visit the url first, wait 5 seconds and then...
Cloudflare: Cloudflare based XSS for IE11
XSS can be performed via malformed URI request in IE11 and potentially in Edge. Cloudflare has a vulnerable default error page for HTTP 522. For example it takes some time: https://hacker.one/%ff Let's use IE11 to prove the concept. https://hacker.one/%ff/?"escaped Result:...