5116 matches found
Report: Mainstream Websites Host Majority of Malware
While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco’s annual security report released this week. Compromised websites hosting malicious Java and iFrame attacks and other malware far and...
CVE-2013-0751
CVE-2013-0751 affects Mozilla Firefox on Android (before 18.0) and SeaMonkey (before 2.15). The root cause is that a touch event on an HTML document can be observed across multiple IFRAMEs, enabling information leakage and potentially cross-site scripting (XSS). The issue is noted in the Firefox/...
WordPress Pingback Vulnerability Could Lead to DDoS Attacks
A pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks if the right script is run, according to web application security firm Acunetix. A pingback is technically something blog owners rely on to track w...
DDoS Attacks on Major US Banks Resurface
UPDATE — The group that claimed responsibility for large-scale distributed denial-of-service attacks against major U.S. banks in September and October has carried out another flurry of attacks that are still ongoing today. Izz ad-Din al-Qassam Cyber Fighters posted its latest threat on Pastebin,...
Joomla, WordPress Sites Hit by IFrame Injection Attacks
Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform. The SANS Internet Storm Center received numerous reports that Joomla sites, as well as...
CVE-2012-6301
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...
Input validation
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...
CVE-2012-6301
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...
GreenBrowser iframe Handling Double Free Vulnerability (Windows)
This host is installed with GreenBrowser and is prone to double free vulnerability. OpenVAS Vulnerability Test $Id: gbgreenbrowserdoublefreevulnwin.nasl 6022 2017-04-25 12:51:04Z teissa $ GreenBrowser iframe Handling Double Free Vulnerability Windows Authors: Rachana Shetty Copyright: Copyright c...
64-bit Debian Linux Rootkit with nginx Doing iFrame Injection - Active Check
Debian Squeeze Linux Rootkit with nginx is prone to iframe injection. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx...
CVE-2012-6041
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...
Double free
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...
CVE-2012-6041
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...
CVE-2012-6041
GreenBrowser is affected by CVE-2012-6041. The vulnerability is a double-free in the iframe handling logic (triggered when the keyword search bar F6 is activated) that could allow remote code execution. Affected product: GreenBrowser prior to version 6.0.1002. Root cause: improper memory manageme...
WeBid 1.0.5 - Cross-Site Scripting
WeBid 1.0.5 - Cross-Site Scripting Exploit Title: WeBid Vendor Homepage: http://www.webidsupport.com Software Link: http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.0.4/WeBid-1.0.4.zip/download Version: 1.0.5 Tested on: Ubuntu Linux INGRESS SECURITY SECURITY ADVISORY...
CVE-2012-4515
Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated...
Design/Logic Flaw
Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated...
CVE-2012-4515
Removed by vendor...
CVE-2012-4751
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
CVE-2012-4751
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...