Safari for windows 64 iframe Blue Screen Of Death (BSoD)

iframe 标签 64位的Win7系统崩溃的标签，它将导致 Win7 发生著名的蓝屏错误 Blue Screen Of Death BSoD. 该漏洞在64位的Win7下的Safari 浏览器测试 该漏洞是由于 win32k.sys 的一个错误导致内存的崩溃，当页面上包含一个 iframe，其 height 属性是个非常大的值时该错误就会发生。 目前该漏洞仅存在于64位的win7系统 0 Safari for windows 64 目前尚无有效方案 iframe height='18082563'/iframe...

Mozilla Foundation Security Advisory 2012-03

Mozilla Foundation Security Advisory 2012-03 Title: iframe element exposed across domains via name attribute Impact: High Announced: January 31, 2012 Reporter: Alex Dvorov Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 10.0 Thunderbird 10.0 SeaMonkey 2.7 Description Alex Dvorov...

FreeBSD : mozilla -- multiple vulnerabilities (0a9e2b72-4cb7-11e1-9146-14dae9ebcf89)

The Mozilla Project reports : MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal ...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...

4Images 1.7.6 Cross Site Request Forgery

!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...

4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection

!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...

GreenBrowser double free

Double free on iframe tag...

GreenBrowser iframe content Double Free Vulnerability

GreenBrowser searchbar iframe content Double Free Vulnerability ------------------------------------------------------------------ I. Summary All versions of GreenBrowser is prone to a vulnerability which leads to arbitrary code execution. A Double Free of iframe object is triggered by its shortc...

Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability

Microsoft Windows 7 Professional 64-bit is prone to a memory corruption vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902810. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

CVE-2011-5046

The Graphics Device Interface GDI in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers...

Android浏览器证书伪造漏洞

Open Handset Alliance Android是一款超过30家科技与移动电话公司所组成的团体开发的免费的移动电话平台 由于浏览器显示错误证书信息，可通过iframe可使用其他合法站点的证书，使用户信任当前网页内容 0 Android 3.x 厂商解决方案 目前没有详细解决方案提供： http://www.android.com/...

Google Crome for Androind certificate information spoofing

It's possible to spoof certificate information by using IFRAME...

Windows 7 64 bit Memory Corruption Vulnerability

Windows 7 64 bit Memory Corruption Vulnerability A person known by the alias of "w3bd3vil " on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in...

Researchers Warn of New Windows 7 Vulnerability

Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter,...

Microsoft Internet Explorer IFRAME装载信息泄露漏洞

Bugtraq ID: 51065 CVE ID：CVE-2011-4689 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer 6到9版本中存在漏洞，在IFRAME加载尝试过程中，没有正确防止在违反同源策略所需的时间里采集数据，远程攻击者构建包含恶意JavaScript代码的WEB页，诱使用户解析，可判断目标用户浏览器缓存中的文件 0 Microsoft Internet Explorer 7.0.5730 .11 Microsoft Internet Explorer 9 Microsoft...

Google Chrome IFRAME装载信息泄露漏洞

Bugtraq ID: 51068 CVE ID：CVE-2011-4691 Google Chrome是一款流行的WEB浏览器。 Google Chrome 15.0.874.121及其之前的版本中存在漏洞，在IFRAME加载尝试过程中，没有正确防止在违反同源策略所需的时间里采集数据，远程攻击者构建包含恶意JavaScript代码的WEB页，诱使用户解析，可判断目标用户浏览器缓存中的文件。 0 Google Chrome = 15.0.874.121 厂商解决方案 目前没有详细解决方案提供： http://www.google.com/chrome 测试方法...

i4Style Web Design SQL Injection / Cross Site Scripting

Title : i4Style web design SQL Injection / IFrame Injection + Author : AngelParrot + Vendor : http://i4style.com/ + Google Dork : inurl:webpage.php?PageID= "i4Style" + Exploit - http://example.com/webpage.php?PageID=SQL - http://example.com/webpage.php?PageID=IFrame + Example -...

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

FCMS2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...

CVE-2011-4688

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

Design/Logic Flaw

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...