Session Riding and multiple XSS in WebCit

Vendor contacted: 2007-06-24 Affects: Webcit 7.11 Fixed: 2007-07-06 WebCit 7.11 1. Background WebCit is the webfrontend to administer and use Citadel, which is an open-source groupware server. 2. Session Riding 2.I. Problem Description It is possible for an attacker to execute actions in the name...

MPack with virtual hosting and PHP security-vulnerability warning-the black bar safety net

MPack is by a self-proclaimed "Dream Coders Team" of the organization development of the PHP program, which contain a number of the latest exploit code can be used to manipulate the distal end of attacks on Panda Labs at the end of last year when for the first time found that, at the time someone...

Design/Logic Flaw

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI...

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI...

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows is affected by a vulnerability where remote attackers can execute arbitrary commands via shell metacharacters in a URI found in the SRC attribute of an IFRAME, demonstrated with a gopher URI. The issue allows command execution through crafted URIs loaded in an ...

Apple Safari 3 for Windows - Protocol Handler Command Injection

source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. Thi...

Apple Safari 3 for Windows - Protocol Handler Command Injection

Apple Safari 3 for Windows - Protocol Handler Command Injection source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to an...

Code injection

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

Mozilla Firefox allows cross-domain iframe access via JavaScript

Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...

CVE-2007-3089

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

Code injection

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVE-2007-3089

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVE-2007-3089

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

[Full-disclosure] Assorted browser vulnerabilities

Hello, Will keep it brief. A couple of browser bugs, fresh from the oven, hand crafted with love: 1 Title : MSIE page update race condition CRITICAL Impact : cookie stealing / setting, page hijacking, memory corruption Demo : http://lcamtuf.coredump.cx/ierace/ ...aka the bait & switch...

sparkassen-xss.txt

The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 billion euro is one of the largest banks for private customers in germany. Many local member-banks of the group use the online banking portal provided by sfze http://www.sfze.de/, a subsidiary company of Sparkassen-Finanzgruppe...

Hung it to the way and the system determines whether the code-vulnerability warning-the black bar safety net

A:The frame hanging horse iframe src=address width=0 height=0/iframe II:the js file hanging horse First, the following code document. write"iframe width='0' height='0' src='address'/iframe"; 保存 为 xxx.js that The JS hung it to the code script language=javascript src=xxx. js/script Three:js...

CVE-2007-1737

Opera 9.10 does not check URLs embedded in 1 object or 2 iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection...

CVE-2007-1737

Opera 9.10 does not check URLs embedded in 1 object or 2 iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection...

Opera / Firefox anti-phishing protection bypass

Phishing sites embedded into IFRAME are not detected...

Bypass phishing protection in Firefox / Opera

Hi, i've tested a simple way to bypass the phishing protection in Firefox 2.0.0.3 and Opera 9.10. Aparently both browsers fails to detect a phishing site if it is embeded in an IFRAME / OBJECT label. I've released some demostrations to test the above: http://zonafirefox.googlepages.com/prueba.htm...