Lucene search
K

5125 matches found

exploitpack
exploitpack
added 2017/04/20 12:0 a.m.13 views

Apple WebKit Safari 10.0.2(12602.3.12.0.1) - operationSpreadGeneric Universal Cross-Site Scripting

Apple WebKit Safari 10.0.212602.3.12.0.1 - operationSpreadGeneric Universal Cross-Site Scripting 'use strict'; function spreada return ...a; let arr = Object.create1, 2, 3, 4; for let i = 0; i f.onload = null; try spreadf.contentWindow; catch e e.constructor.constructor'alertlocation'; ; f.src =...

0.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/04/19 12:10 p.m.9 views

butik.work IFRAME Injection vulnerability

Vulnerable URL: http://butik.work/search.php?s= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check butik.work S...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/04/13 12:0 a.m.16 views

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID

I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...

6.9AI score
Exploits0
0day.today
0day.today
added 2017/04/12 12:0 a.m.59 views

Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit

Exploit for multiple platform in category web applications child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not...

4.3CVSS7.7AI score0.05738EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/04/10 12:0 a.m.61 views

WebKit WebCore::toJS Use-After-Free

WebKit: WebCore::toJS use-after-free CVE-2017-2476 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= function freememory var a; forvar i=0;i...

6.8CVSS7.5AI score0.06472EPSS
Exploits4
seebug.org
seebug.org
added 2017/04/07 12:0 a.m.40 views

WebKit: UXSS via a focus event and a link element (CVE-2017-2479)

This is somewhat similar to https://crbug.com/663476. Here's a snippet of Container::replaceAllChildren. while RefPtr child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associate...

4.3CVSS7.6AI score0.05738EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/04/04 12:0 a.m.43 views

Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting

globalObject-vm, callback JSC::JSObject callback return mcallback.get; JSDOMGlobalObject globalObject return JSC::jsCastmcallback-globalObject; JSC::JSValue invokeCallbackJSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr& returnedException return...

7.4AI score
Exploits0
Prion
Prion
added 2017/03/23 6:59 a.m.16 views

Design/Logic Flaw

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...

7.5CVSS7.6AI score0.01518EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/03/23 6:59 a.m.18 views

CVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...

9.8CVSS9.7AI score0.01518EPSS
Exploits0References1
CVE
CVE
added 2017/03/23 6:36 a.m.45 views

CVE-2016-5757

CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...

9.8CVSS9.6AI score0.01518EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/03/23 6:36 a.m.18 views

CVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...

9.8AI score0.01518EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/03/21 5:23 a.m.9 views

autabuy.com IFRAME Injection vulnerability

Vulnerable URL: http://www.autabuy.com/linkout/?goto=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:42 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 522586 VIP...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/03/16 9:9 p.m.3 views

Dashbuilder: Lack of clickjacking protection on the login page

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

6.5CVSS5.9AI score0.0148EPSS
Exploits0References4
OSV
OSV
added 2017/03/10 12:0 a.m.6 views

UBUNTU-CVE-2017-5045

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...

6.1CVSS6.9AI score0.01214EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/03/07 12:0 a.m.19 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...

6.5CVSS6.8AI score0.02806EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2017/03/03 1:46 p.m.10 views

teamgear.us IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-217086 Description| Value ---|--- Affected Website:| teamgear.us Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/03/02 4:48 p.m.16 views

gotalk.ru IFRAME Injection vulnerability

Vulnerable URL: http://www.gotalk.ru/demo?url=openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2826351 VIP website status:| No Check gotalk.ru SSL...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/03/01 6:48 p.m.27 views

voyeursexvideos.com IFRAME Injection vulnerability

Vulnerable URL: http://www.voyeursexvideos.com/search.php?sq=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 47584 VIP website status:| Yes Check...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/02/25 10:59 p.m.10 views

adoption.com IFRAME Injection vulnerability

Vulnerable URL: https://adoption.com/searchadoption?q=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 113299 VIP website status:| No Coordinated Disclosure...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/02/25 10:57 p.m.11 views

cityoflondon.gov.uk IFRAME Injection vulnerability

Vulnerable URL: https://www.cityoflondon.gov.uk/search/results.aspx?k=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 104340 VIP websit...

7.3AI score
Exploits0
Rows per page
Query Builder