CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

By javascript hack TP-Link Router with the Poc and video-bug warning-the black bar safety net

Recently read this post:“getlocalandpublicipaddressesinjavascript with javascript to get the local and public IP address”I began to think, this used to hack into WIFI router is a good idea Ah, I have just got a TP-LINK WR741N, then measured up the chant. The collection of relevant information, I...

Zero Day in WordPress Plugin FancyBox Patched

Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites. Despite not having been updated in over two years, Jose Pardilla, the author of FancyBox, insisted early Thursday that he had fixed the flaw wi...

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

Cross site scripting

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe...

About.com Cross Site Scripting

About Group about.com All Topics At least 99.88% links Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities Vulnerability Description: About.com all "topic sites" are vulnerable to XSS Cross-Site Scripting and Iframe Injection Cross Frame Scripti...

cmseay存储型跨站xss

简要描述： 绕过防护 详细说明： /bbs/ajax.php 19行 $data'username' = isset$COOKIE'username' ? $COOKIE'username' : ''; 无过滤。。 漏洞证明： ./bbs/360safe.php $cookiefilter = "\band|or\b.1,6?=|| 回复之后...

Web Browsers Malicious Hidden iFrame Redirection

A compromised site may use an obfuscated hidden iFrame code in order to redirect traffic to a malicious website. The client would then be vulnerable to possible automatic download of malware...

Internet Explorer Malformed IFRAME Buffer Overflow (MS04-040) - Ver2 (CVE-2004-1050)

Internet Explorer IE is a popular web browser developed by Microsoft corporation. A buffer overflow vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is in the way Microsoft Internet Explorer parses certain parameters of an IFRAME tag. An attacker can exploit this...

qword.nbget.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-53004 Description| Value ---|--- Affected Website:| qword.nbget.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

HP Operations Agent Remote XSS iFrame Injection

No description provided by source. !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent / OpenView Communications...

openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)

update to Firefox 33.0 bnc900941 New features : - OpenH264 support sandboxed - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP Content Security Policy backend - Support for connecting to HTTP proxy over HTTPS - Improved...

HP Operations Agent Remote XSS iFrame Injection

Exploit for multiple platform in category web applications !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent /...

HP Operations Agent - Cross-Site Scripting iFrame Injection

!/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent / OpenView Communications Broker 11.14 Tested on: Windows 7,...

HP Operations Agent - Cross-Site Scripting iFrame Injection

HP Operations Agent - Cross-Site Scripting iFrame Injection !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent /...

Mozilla Firefox < 33.0 Multiple Vulnerabilities

Binary data 8553.prm...

FreeBSD : mozilla -- multiple vulnerabilities (9c1495ac-8d8c-4789-a0f3-8ca6b476619c)

The Mozilla Project reports : MFSA 2014-74 Miscellaneous memory safety hazards rv:33.0 / rv:31.2 MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-79...

Information disclosure

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive informati...

Information disclosure

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...