mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow

/ remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone on IRC for example ; The shellcode included doe...

mIRC 6.1 ""IRC"" Protocol Remote Buffer Overflow Exploit

No description provided by source. / remote mirc 6.11 exploit by blasty TESTED ON: Windows XP No SP, Ducth Build: 2600.xpclient.010817-1148 A few days ago, I saw a mIRC advisory on packetstorm 1 and was surprised nobody had written an exploit yet. So I decided to start writing one. Since this was...

mIRC 6.1 - IRC Protocol Remote Buffer Overflow

mIRC 6.1 - IRC Protocol Remote Buffer Overflow / remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write an malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone ...

CVE-2003-0604

Windows Media Player WMP 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File://...

CVE-2003-0604

Windows Media Player WMP 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File://...

ProductCart XSS Vulnerability

ProductCart XSS Vulnerability found by atomix i came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as script and iframe to be used: http://www.website.com/ProductCart/pc/msg.asp?message=scriptalert document.cookie;/script...

Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass

source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be...

Microsoft Internet Explorer 56 - file: Request Zone Bypass

Microsoft Internet Explorer 56 - file: Request Zone Bypass source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained i...

Microsoft Internet Explorer 5 - IFrameFrame Cross-SiteZone Script Execution

Microsoft Internet Explorer 5 - IFrameFrame Cross-SiteZone Script Execution source: https://www.securityfocus.com/bid/5672/info When a Microsoft Internet Explorer MSIE window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domai...

CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

Opera 5.126.0 - Frame Location Same Origin Policy Circumvention

Opera 5.126.0 - Frame Location Same Origin Policy Circumvention source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some...

Opera 5.12/6.0 - Frame Location Same Origin Policy Circumvention

source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser. It is possible to bypass the same...

CVE-2001-1325

CVE-2001-1325 affects Internet Explorer 5.0/5.5 and Outlook Express 5.0/5.5. The vulnerability allows remote script execution when Active Scripting is disabled if scripts are embedded in XML stylesheets (XSL) loaded via an IFRAME, potentially tied to Windows Scripting Host (WSH). OpenVAS findings...

CVE-2000-0662

The CVE-2000-0662 entry describes a vulnerability in Internet Explorer 5.x and Microsoft Outlook where remote attackers can read arbitrary files by redirecting the contents of an IFRAME via the DHTML Edit Control (DHTMLED). The root cause is tied to the DHTMLED component handling dynamic HTML/IFR...

CVE-1999-1472

This CVE (CVE-1999-1472) affects Internet Explorer 4.0. The vulnerability allows a remote attacker to read arbitrary text and HTML files on the user’s machine by delivering a small IFRAME that uses Dynamic HTML (DHTML) to exfiltrate data (the Freiburg text-viewing issue). The connected records co...

CVE-1999-1472

Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML DHTML to send the data to the attacker, aka the Freiburg text-viewing issue...

Re: Several javascript vulnerabilities in Opera

Dear bugtraq, I mailed Opera one week ago about a similiar javascript vulnerability in Opera. I was still waiting for any respond from Opera when I saw Guninski's bugtraq post. One thing that wasn't mentioned and might not be obvious is that the vulnerability can also be used to list files on the...

IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image

Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...

CVE-2000-0662

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control DHTMLED...

CVE-2000-0503

The CVE-2000-0503 entry concerns the IFRAME within the WebBrowser control of Internet Explorer 5.01. The issue allows a remote attacker to violate the cross-frame security policy via the NavigateComplete2 event. The description and connected records indicate the vulnerability is tied to the WebBr...