XSS

Withdrawn: Duplicate of GHSA-vcjj-xf2r-mwvc. Knockout, before 3.5.0-beta, has an XSS injection point in attr name binding for browser IE7 and older...

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow

WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow

No description provided by source. html !-- Exploit Title: Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles Buffer Overflow Exploit Found By: DrIDE Download: http://www.viscom.com Greets: bz1p, [email protected] for finding the app. Tested on: XP SP3 IE7 CVE: 0day -- object...

Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

XChat <= 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7)

No description provided by source. Xchat = 2.8.7b Remote Code Execution tested on Windows XP SP1+SP2+SP3, IE6 & IE7 fully patched Vendor : http://xchat.org/ Affected Os : Windows Risk : critical This bug is related to the URI Handler vulnerability but the approch is a bit different. We don't use...

RealNetworks Realplayer QCP Parsing Heap Overflow

No description provided by source. $Id: realplayerqcp.rb 13745 2011-09-17 06:48:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - BoF Exploit

No description provided by source. !-- NUVICO DVR NVDV4 / PdvrAtl Module PdvrAtl.DLL 1.0.1.25 remote heap overflow exploit IE7/XP SP2 check a camera demo here: http://www.2mcctv.com/2mdemo.php codebase: http://www.dvrstation.com/pdvratl.php?vendor=0 rgod ///////////////////////////////...

AOL 9.5 ActiveX 0day Exploit (heap spray)

No description provided by source. html head titleAOL 9.5 ActiveX 0day Exploit heap spray /title br+ AOL 9.5 ActiveX 0day Exploit heap spray/br br+ Author : Dzattacker/br br+ Discovered by: Hellcode Research http://www.hellcode.net br+ Reference: http://www.exploit-db.com/exploits/11190 br+ Teste...

J-Integra 2.11 - Remote Code Execution Exploit

No description provided by source. html !-- j-integra v2.11 Remote code execution vulnerability Discovered on: Thursday, October 28, 2010, 10:10:12 PM Download: http://j-integra.intrinsyc.com/ Author: bz1p, [email protected] impact: LOW, due to the object NOT marked safe for scripting Tested on: X...

Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities

No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...

J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow Exploit

No description provided by source. !-- Exploit Title: J-Integra v2.11 ActiveX SetIdentity Buffer Overflow Exploit Found By: DrIDE Download: http://j-integra.intrinsyc.com/ Greets: bz1p, [email protected] for finding the app. Tested on: XP SP3 IE7 CVE: 0day Notes: This is not the same control as...

Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) - Remote Exploit

No description provided by source. !-- Title: Mitsubishi MX Component v3 ActiveX 365+-Day ActUWzd.dll WzTitle By: DrIDE File: C:\MELSEC\Act\Control\ActUWzd.dll Version 1.0.0.1 Known Affected Systems: CitectScada 7.10r1 ships with this in the Extras folder. Known Affected Systems: CitectFacilities...

wordpress 3.0.3 - Stored XSS (ie7,6 ns8.1)

No description provided by source. Exploit Title: Wordpress 3.0.3 stored XSS IE7,6 NS8.1 Date: 27 december 2010 Author: Saif Software Link:wordpress.org Version: 3.0.3 Tested on: IE 6 a stored XSS vulnerability using CSS styles affecting users surfing the malicious post using IE6, IE7, NS 8.1 POC...

openSUSE Security Update : namazu (openSUSE-2011-79)

bnc732323 pretty bug number! - CVE-2011-4345 XSS flaw for IE6/7 in japanese locale %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2011-79. The text description of this plugin is C...

Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (MS07-061) - Ver2 (CVE-2007-3896)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Windows Internet Explorer 7. The vulnerability occurs when Windows does not correctly handle specially crafted URLs or URIs that are passed to it. There are a...