144 matches found
CVE-2014-3352
CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...
Design/Logic Flaw
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
MS IE 5.0/4.0.1 IFRAME Vulnerability
No description provided by source. Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: http://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a malicious w...
Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut aka .lnk file for display within an IFRAME...
Iframe Vulnerability in Google App Engine (Appspot)
Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit" have found in Iframe Vulnerability in Contact Desk page of Google App Engine Appspot. 1 Proof of Concept : Click Here 2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's...
Iframe Vulnerability in Google App Engine (Appspot)
Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit " have found in Iframe Vulnerability in Contact Desk page of Google App Engine Appspot. 1 Proof of Concept :Click Here 2 Proof of Concept :Click Here Google App Engine lets you run your web applications on Google's...
A DNS suffix may lead to cross-domain security issues-vulnerability warning-the black bar safety net
We all know that dhcpd can be set in which the client's DNS suffix. For example, if we set the DNS suffix"sb.com”when we visit www. sb. com, all clients will use the DHCP server and try the following sequence for resolution. Note: the following green font are representative of the Main Domain Nam...
Mozilla crash from bad iframe source (MFSA 2011-12)
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...
Unfixed XSS vulnerability at www.simess.com
Security researcher Uber0n, has submitted on 16/07/2008 a cross-site-scripting XSS vulnerability affecting www.simess.com, which at the time of submission ranked 6466133 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/11/2008. It is currentl...
CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...
CVE-2004-2476
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service infinite loop and crash via an IFRAME with "?" as the file source...
VulnCheck KEV: CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...
CVE-2004-1050
CVE-2004-1050 affects Internet Explorer 6. A heap-based buffer overflow occurs when parsing long NAME or SRC attributes in IFRAME/FRAME/EMBED elements, allowing remote code execution. Exploitation typically involves loading a crafted page; CVSS notes high risk (network exploit, no user interactio...
CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...
Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow
BoF PoC exploit iS' ,SS" Copyright C 2003, 2004 by Berend-Jan Wever. YS, .ss ,sY" http://www.edup.tudelft.nl/bjwever "YSSP" sSS This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2, 1991 as published by the Free Softwa...
Opera Web Browser 7.0 - Remote IFRAME Denial of Service
source: https://www.securityfocus.com/bid/10081/info A denial of service vulnerability has been reported to affect Opera Web Browser. The issue is reported to present itself when Opera attempts to render IFRAME HTML tags that contain an invalid source argument. A remote attacker may exploit this...
Opera Web Browser 7 - IFRAME Zone Restriction Bypass
source: https://www.securityfocus.com/bid/8887/info A flaw in the Opera web browsers security model has been discovered that could allow an attacker to access a users filesystem within the Local Zone. The problem occurs when handling malformed HTML iframes which point to local system locations...
mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow
/ remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone on IRC for example ; The shellcode included doe...
Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be...
CVE-2002-0783
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...