Lucene search
+L

144 matches found

CVE
CVE
added 2014/08/30 10:0 a.m.46 views

CVE-2014-3352

CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...

4.3CVSS6.4AI score0.02824EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2014/08/30 9:55 a.m.16 views

Design/Logic Flaw

Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...

4.3CVSS6.8AI score0.02824EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

MS IE 5.0/4.0.1 IFRAME Vulnerability

No description provided by source. Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: http://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a malicious w...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/06/06 11:42 p.m.7 views

Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut aka .lnk file for display within an IFRAME...

2.9CVSS7.3AI score0.00463EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2011/08/16 8:10 p.m.10 views

Iframe Vulnerability in Google App Engine (Appspot)

Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit" have found in Iframe Vulnerability in Contact Desk page of Google App Engine Appspot. 1 Proof of Concept : Click Here 2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/16 8:10 p.m.3 views

Iframe Vulnerability in Google App Engine (Appspot)

Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit " have found in Iframe Vulnerability in Contact Desk page of Google App Engine Appspot. 1 Proof of Concept :Click Here 2 Proof of Concept :Click Here Google App Engine lets you run your web applications on Google's...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/05/14 12:0 a.m.31 views

A DNS suffix may lead to cross-domain security issues-vulnerability warning-the black bar safety net

We all know that dhcpd can be set in which the client's DNS suffix. For example, if we set the DNS suffix"sb.com”when we visit www. sb. com, all clients will use the DHCP server and try the following sequence for resolution. Note: the following green font are representative of the Main Domain Nam...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/04/29 3:15 a.m.6 views

Mozilla crash from bad iframe source (MFSA 2011-12)

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

10CVSS7.8AI score0.05259EPSS
Exploits0References4
xssed
xssed
added 2008/07/16 12:0 a.m.13 views

Unfixed XSS vulnerability at www.simess.com

Security researcher Uber0n, has submitted on 16/07/2008 a cross-site-scripting XSS vulnerability affecting www.simess.com, which at the time of submission ranked 6466133 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/11/2008. It is currentl...

Exploits0References1
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...

10CVSS8AI score0.67061EPSS
Exploits4References12
NVD
NVD
added 2004/12/31 5:0 a.m.16 views

CVE-2004-2476

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service infinite loop and crash via an IFRAME with "?" as the file source...

2.6CVSS6.6AI score0.09069EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2004/12/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...

10CVSS6.4AI score0.67061EPSS
Exploits4References1
CVE
CVE
added 2004/11/18 5:0 a.m.97 views

CVE-2004-1050

CVE-2004-1050 affects Internet Explorer 6. A heap-based buffer overflow occurs when parsing long NAME or SRC attributes in IFRAME/FRAME/EMBED elements, allowing remote code execution. Exploitation typically involves loading a crafted page; CVSS notes high risk (network exploit, no user interactio...

10CVSS7.8AI score0.67061EPSS
Exploits4References12Affected Software6
Cvelist
Cvelist
added 2004/11/18 5:0 a.m.38 views

CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...

7.9AI score0.67061EPSS
Exploits4References12
Exploit DB
Exploit DB
added 2004/11/02 12:0 a.m.125 views

Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow

BoF PoC exploit iS' ,SS" Copyright C 2003, 2004 by Berend-Jan Wever. YS, .ss ,sY" http://www.edup.tudelft.nl/bjwever "YSSP" sSS This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2, 1991 as published by the Free Softwa...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/04/08 12:0 a.m.25 views

Opera Web Browser 7.0 - Remote IFRAME Denial of Service

source: https://www.securityfocus.com/bid/10081/info A denial of service vulnerability has been reported to affect Opera Web Browser. The issue is reported to present itself when Opera attempts to render IFRAME HTML tags that contain an invalid source argument. A remote attacker may exploit this...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/24 12:0 a.m.27 views

Opera Web Browser 7 - IFRAME Zone Restriction Bypass

source: https://www.securityfocus.com/bid/8887/info A flaw in the Opera web browsers security model has been discovered that could allow an attacker to access a users filesystem within the Local Zone. The problem occurs when handling malformed HTML iframes which point to local system locations...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/21 12:0 a.m.36 views

mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow

/ remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone on IRC for example ; The shellcode included doe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/09 12:0 a.m.22 views

Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass

source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be...

7AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.19 views

CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

7.5CVSS7.3AI score0.02813EPSS
Exploits1References3
Rows per page
Query Builder