Lucene search

5113 matches found

Exploit DB
added 2008/03/26 12:0 a.m. | 28 views

Invision Power Board 2.x - 'Signature' iFrame Security

source: https://www.securityfocus.com/bid/28466/info Invision Power Board (IP.Board) is prone to a security vulnerability that can aid attackers in social-engineering attacks. Attacker-supplied script code could exploit vulnerabilities in the user's browser or give the user a false sense of securit...

AI score: 7.4
Exploits: 0

securityvulns
added 2008/03/26 12:0 a.m. | 83 views

Invision Power Board <=2.3.x iFrame Vuln

Tested On: http://www.abarjigs.com/forum/ Affected on: Invision Power Board =2.3.x Type: Signature With iFrame Discovered By: CYBER.DARK.HIMU SHAHEEMIRZA Google: "style designed by Soi" or "Powered by IP.Board 2.3.1" Mail: [email protected],[email protected] HI TO ALL. HOW TO USE THIS...

AI score: 0.1
Exploits: 0

Exploit DB
added 2008/02/15 12:0 a.m. | 21 views

Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service

source: https://www.securityfocus.com/bid/27812/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames. Attackers can exploit this issue to make the browser unresponsive and cause denial-of-service conditions. Firefox 2.0.0.12 is...

AI score: 7.4
Exploits: 0

exploitpack
added 2008/02/15 12:0 a.m. | 11 views

Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service

Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service source: https://www.securityfocus.com/bid/27812/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames. Attackers can exploit this issue to make the browser...

AI score: 0.5
Exploits: 0

Prion
added 2008/01/10 12:46 a.m. | 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcfemail, (2) wpcfsubject, (3) wpcfquestion, (4) wpcfanswer, (5)...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.02159
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2008/01/10 12:46 a.m. | 17 views

CVE-2008-0197

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcfemail, (2) wpcfsubject, (3) wpcfquestion, (4) wpcfanswer, (5)...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.02159
Exploits: 0 | References: 7

UbuntuCve
added 2007/11/08 8:46 p.m. | 43 views

CVE-2007-5896

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...

CVSS: 7.1 | AI score: 6 | EPSS: 0.01174
Exploits: 0 | References: 1

Prion
added 2007/11/08 8:46 p.m. | 15 views

Design/Logic Flaw

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.01174
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2007/11/08 8:0 p.m. | 27 views

CVE-2007-5896

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...

AI score: 6.8 | EPSS: 0.01174
Exploits: 0 | References: 4

RedHat Linux
added 2007/10/08 8:11 a.m. | 4 views

kdelibs KDE JavaScript denial of service (crash)

ecma/kjshtml.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.08185
Exploits: 1 | References: 4

Packet Storm
added 2007/09/30 12:0 a.m. | 30 views

gmailsteal_remote.scpt.txt

-- This script can be used to steal gmail's keychained password by injecting -- Javascripts into Safari. When executed it opens gmail's login page, reads -- saved password and sends it to a logging server by creating a hidden iframe -- into gmail's page. It can be easily modified to steal other...

AI score: 7.4
Exploits: 0

Packet Storm
added 2007/09/25 12:0 a.m. | 19 views

hackflatnuke.txt

/ hackflatnuke.txt Tested on 2.6 FlatNuke version can work on 3 but it has to be modified With this trick you can steal/modify a flatnuke account by changing the password and all the profile or change your profile and become an admin Requirements: - You have to know the nickname of the account u...

AI score: 7.4
Exploits: 0

Packet Storm
added 2007/08/31 12:0 a.m. | 19 views

telemark-xss.txt

Title : Telemark XSS Description : The Telemark telemark.com search engine is vulnerable to XSS Author : Tosser E-mail : [email protected] Proof :...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2007/08/15 12:0 a.m. | 43 views

GLSA-200708-09 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the documen...

CVSS: 9.3 | AI score: 8.5 | EPSS: 0.05447
Exploits: 5 | References: 9

Prion
added 2007/08/08 2:17 a.m. | 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01028
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2007/08/08 2:17 a.m. | 15 views

CVE-2007-4212

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01028
Exploits: 0 | References: 4

seebug.org
added 2007/07/20 12:0 a.m. | 43 views

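Firefox about:blank IFRAME Cross-Domain Access Vulnerability

BUGTRAQ ID: 24286 CVECAN ID: CVE-2007-3089 Mozilla Firefox is a popular open-source web browser. Firefox has a vulnerability in the way it handles file loading; under certain conditions a remote attacker may exploit it to spoof the address bar and facilitate phishing attacks. During the page-load stage, or in the case of an about:blank frame, Firefox allows document.write to be used to replace an IFRAME. If the user opened a window from a script, the content of the newly opened window's frame can be spoofed for a short time while the page is loading, enabling phishing-type attacks. Mozilla Firefox 2.0.0.5 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...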

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.02774
Exploits: 1

RedHat Linux
added 2007/07/19 2:46 a.m. | 3 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.02774
Exploits: 1 | References: 4

RedHat Linux
added 2007/07/19 2:33 a.m. | 3 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.02774
Exploits: 1 | References: 4

RedHat Linux
added 2007/07/19 1:54 a.m. | 6 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.02774
Exploits: 1 | References: 4