5118 matches found
inia.gob.es IFRAME Injection vulnerability
Vulnerable URL: http://www.inia.gob.es/IniaPortal/goUrlDinamica.action?url=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.08.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 11557901 VIP...
direitovivo.com.br IFRAME Injection vulnerability
Vulnerable URL: http://www.direitovivo.com.br/asp/redirect.asp?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 21.09.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...
freesexyindians.com IFRAME Injection vulnerability
Vulnerable URL: https://www.freesexyindians.com/?s= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 23403 VIP website status:| Yes Coordinated Disclosure Timeline:...
kissanimes.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-250357 Description| Value ---|--- Affected Website:| kissanimes.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
localmoxie.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-250356 Description| Value ---|--- Affected Website:| localmoxie.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
usapa.org XSS vulnerability
Vulnerable URL: http://usapa.org/iframe/ptp/index.php?code=1/-///'/"//--...
loveroms.com IFRAME Injection vulnerability
Vulnerable URL: https://www.loveroms.com/roms.php?q=""; XANY Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 11670 VIP website status:| Yes Coordinated Disclosure Timeline: Description| Value ---|---...
Cross-site Scripting (XSS)
ckeditor-dev is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript via the src attribute in the iframe element. This can only occur when the Iframe plugin is used and advanced content filter is turned off in a browser...
Cross-site Scripting (XSS)
ckeditor-dev is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript via the srcdoc attribute in the iframe element. This attack can only happen with the Iframe plugin and Advanced Content Filter turned off...
OLX: OLX is vulnerable to clickjaking
A Olx.com webpage was vulnerable to a Clickjacking attack that could have lead to account sensitive information disclosure. @spiyushsonikumar1671 was able to demonstrate this vulnerability by crafting a specially formatted webpage with iframe embedded. We would like to thanks for this report...
belediyehaberleri.com IFRAME Injection vulnerability
Vulnerable URL: http://www.belediyehaberleri.com/view.php?url=https://openbugbounty.org/ Details: Description| Value ---|--- Patched:| Yes, at 29.07.2017 Latest check for patch:| 29.07.2017 19:24 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 12067...
dou.ua IFRAME Injection vulnerability
Vulnerable URL: https://dou.ua/users/maxim-yaremchuk/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 25283 VIP website status:| Yes Check dou.ua SSL connection:| Grade: A+ Coordinated Disclosure...
CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
Apple WebKit Safari 10.0.2(12602.3.12.0.1) - operationSpreadGeneric Universal Cross-Site Scripting
Apple WebKit Safari 10.0.212602.3.12.0.1 - operationSpreadGeneric Universal Cross-Site Scripting 'use strict'; function spreada return ...a; let arr = Object.create1, 2, 3, 4; for let i = 0; i f.onload = null; try spreadf.contentWindow; catch e e.constructor.constructor'alertlocation'; ; f.src =...
butik.work IFRAME Injection vulnerability
Vulnerable URL: http://butik.work/search.php?s= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check butik.work S...
Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID
I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not...
WebKit WebCore::toJS Use-After-Free
WebKit: WebCore::toJS use-after-free CVE-2017-2476 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= function freememory var a; forvar i=0;i...
WebKit: UXSS via a focus event and a link element (CVE-2017-2479)
This is somewhat similar to https://crbug.com/663476. Here's a snippet of Container::replaceAllChildren. while RefPtr child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associate...
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
globalObject-vm, callback JSC::JSObject callback return mcallback.get; JSDOMGlobalObject globalObject return JSC::jsCastmcallback-globalObject; JSC::JSValue invokeCallbackJSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr& returnedException return...