167 matches found
EUVD-2025-3184
Malicious code in bioql PyPI...
CVE-2025-23442
Cross-Site Request Forgery CSRF vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through = 1.6.3...
CVE-2025-23442
Cross-Site Request Forgery CSRF vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through = 1.6.3...
CVE-2025-23442 WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through = 1.6.3...
CVE-2025-23442
CVE-2025-23442 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Shockingly Big IE6 Warning WordPress plugin that allows Stored XSS. Reported as affecting Shockingly Big IE6 Warning from n/a through 1.6.3, the entry lists a CVSS v3.1 base score of 7.1 (HIGH) with network attack v...
CVE-2013-2551-sample analysis and exploits and Defense-vulnerability warning-the black bar safety net
0x0 is written on the front VUPEN team in the Pwn2Own 2013 hacking contest using the vulnerability to compromise Windows 8 environment, IE10, then on their blog discloses technical details. According to VUPEN description of the vulnerability produced in the VGX. DLL module, in the VML language...
1 Click Extract Audio 2.3.6 - Activex Buffer Overflow
1 Click Extract Audio 2.3.6 - Activex Buffer Overflow 1 Click Extract Audio Activex Buffer Overflow Affected version=2.3.6 Vendor Homepage:http://www.dvdvideotool.com/index.htm Software Link:www.dvdvideotool.com/1ClickExtractAudio.exe The vulnerability lies in the COM component used by the produc...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
Samsung iPOLiS ReadConfigValue Remote Code Execution Exploit
Exploit for windows platform in category remote exploits var shellcode =...
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
Lorex LH300 Series - ActiveX Buffer Overflow (PoC)
Lorex LH300 Series - ActiveX Buffer Overflow PoC Disclosure: 09/01/2014 / Last updated: 18/01/2015 Hi, I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems. The company is Lorex...
Advantech WebAccess dvs.ocx GetColor Buffer Overflow Exploit
This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested...
Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities
No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...
SAMSUNG NET-i Viewer 1.37 SEH Overwrite
No description provided by source. html object classid='clsid:FA6E2EA9-D816-4F00-940B-609C9E8847A4' id='target' /object script language='vbscript' ' Exploit Title: SAMSUNG NET-i viewer ActiveX SEH Overwrite ' Date: April 30 2012 ' Author: Blake ' Software Link:...
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec 0day PoC
No description provided by source. Author: superli Tested on: xpsp3 ie6 Code : object id=TestObj classid=CLSID:E5960BC4-A76B-4211-BEEC-9AEE2AF8AAE6 style=width:100;height:350/object...
wordpress 3.0.3 - Stored XSS (ie7,6 ns8.1)
No description provided by source. Exploit Title: Wordpress 3.0.3 stored XSS IE7,6 NS8.1 Date: 27 december 2010 Author: Saif Software Link:wordpress.org Version: 3.0.3 Tested on: IE 6 a stored XSS vulnerability using CSS styles affecting users surfing the malicious post using IE6, IE7, NS 8.1 POC...