5125 matches found
Apple WebKit Safari 10.0.2(12602.3.12.0.1) - operationSpreadGeneric Universal Cross-Site Scripting
Apple WebKit Safari 10.0.2 (12602.3.12.0.1) - operationSpreadGeneric Universal Cross-Site Scripting 'use strict'; function spreada return ...a; let arr = Object.create1, 2, 3, 4; for let i = 0; i f.onload = null; try spreadf.contentWindow; catch e e.constructor.constructor'alertlocation'; ; f.src =...
butik.work IFRAME Injection vulnerability
Vulnerable URL: http://butik.work/search.php?s= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check butik.work S...
Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID
I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that the DNS client resolver on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not...
WebKit WebCore::toJS Use-After-Free
WebKit: WebCore::toJS use-after-free CVE-2017-2476 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= function freememory var a; forvar i=0;i...
WebKit: UXSS via a focus event and a link element (CVE-2017-2479)
This is somewhat similar to https://crbug.com/663476. Here's a snippet of Container::replaceAllChildren. while RefPtr child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associate...
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
globalObject-vm, callback JSC::JSObject callback return mcallback.get; JSDOMGlobalObject globalObject return JSC::jsCastmcallback-globalObject; JSC::JSValue invokeCallbackJSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr& returnedException return...
Design/Logic Flaw
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...
autabuy.com IFRAME Injection vulnerability
Vulnerable URL: http://www.autabuy.com/linkout/?goto=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:42 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 522586 VIP...
Dashbuilder: Lack of clickjacking protection on the login page
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)...
UBUNTU-CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
CVE-2017-5407
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...
teamgear.us IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-217086 Description| Value ---|--- Affected Website:| teamgear.us Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
gotalk.ru IFRAME Injection vulnerability
Vulnerable URL: http://www.gotalk.ru/demo?url=openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2826351 VIP website status:| No Check gotalk.ru SSL...
voyeursexvideos.com IFRAME Injection vulnerability
Vulnerable URL: http://www.voyeursexvideos.com/search.php?sq=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 47584 VIP website status:| Yes Check...
adoption.com IFRAME Injection vulnerability
Vulnerable URL: https://adoption.com/searchadoption?q=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 113299 VIP website status:| No Coordinated Disclosure...
cityoflondon.gov.uk IFRAME Injection vulnerability
Vulnerable URL: https://www.cityoflondon.gov.uk/search/results.aspx?k=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 104340 VIP websit...