5125 matches found

exploitpack
added 2017/02/24 12:0 a.m., 27 views

Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass

DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if...

7.4 AI score
Exploits: 0
0day.today
added 2017/02/24 12:0 a.m., 55 views

Apple WebKit Pop-Up Blocker Bypass Exploit

AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe. Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe. CVE-2017-2371 The second argument of window.open is a name for the new window. If there's a frame that has same name, it will t...

4.3 CVSS, 7.6 AI score, 0.05719 EPSS
Exploits: 2
Exploit DB
added 2017/02/24 12:0 a.m., 38 views

Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass

DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if !firstWindow.allowPopUp tree.findframeName return nullptr;...

7.4 AI score
Exploits: 0
seebug.org
added 2017/02/23 12:0 a.m., 45 views

Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe (CVE-2017-2371)

The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail. Here's some snippets. RefPtr...

4.3 CVSS, 7.6 AI score, 0.05719 EPSS
Exploits: 2
Openbugbounty
added 2017/02/22 10:46 a.m., 19 views

loopsuae.com IFRAME Injection vulnerability

Vulnerable URL: http://loopsuae.com/searchresults.php?action=dosearch="' XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 11554439 VIP website status:| No Check...

7.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/22 10:35 a.m., 10 views

usa-fund.com IFRAME Injection vulnerability

Vulnerable URL: http://www.usa-fund.com/controlpanel/index.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.08.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

7.2 AI score
Exploits: 0
Openbugbounty
added 2017/02/19 7:31 p.m., 24 views

theecologist.org IFRAME Injection vulnerability

Vulnerable URL: http://www.theecologist.org/search.php?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:34 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 197358 VIP website status:| No...

7.3 AI score
Exploits: 0
Hacker One
added 2017/02/17 4:18 a.m., 123 views

HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP

Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...

6.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/17 2:34 a.m., 12 views

wunderground.com IFRAME Injection vulnerability

Vulnerable URL: https://www.wunderground.com/DisplayDisc.asp?DiscussionCode=BOX=MA=Boston" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 732 VIP website status:|...

7.3 AI score
Exploits: 0
Veracode
added 2017/02/16 7:7 a.m., 6 views

Origin Null Vulnerability

rack-cors is vulnerable to an origin null vulnerability. When an iframe contains HTML code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers from sending null origins...

6.8 AI score
Exploits: 0
Openbugbounty
added 2017/02/15 12:58 p.m., 19 views

bu.edu IFRAME Injection vulnerability

Vulnerable URL: https://www.bu.edu/phpbin/lawyearbooks/results.php Details: Description| Value ---|--- Patched:| Yes, at 15.12.2017 Latest check for patch:| 15.12.2017 07:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 4258 VIP website status:| Y...

7.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 3:27 p.m., 16 views

liveinternet.ru IFRAME Injection vulnerability

Vulnerable URL: http://www.liveinternet.ru/search/?q=test-2===" XANY Details: Description| Value ---|--- Patched:| Yes, at 12.09.2017 Latest check for patch:| 12.09.2017 11:05 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1054 VIP website status:|...

7.4 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 3:18 p.m., 12 views

statecollege.com IFRAME Injection vulnerability

Vulnerable URL: http://www.statecollege.com/search/results.php?SearchString=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 238627 VIP website status:| No...

7.4 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:32 a.m., 10 views

cxc.harvard.edu IFRAME Injection vulnerability

Vulnerable URL: http://cxc.harvard.edu/vguide/details.php?agascid='" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...

7.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:30 a.m., 12 views

find.medinfo.ufl.edu IFRAME Injection vulnerability

Vulnerable URL: https://find.medinfo.ufl.edu/dosearch.php?name=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

7.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:22 a.m., 17 views

cne.gov.co IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-213274 Description| Value ---|--- Affected Website:| cne.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.7 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:8 a.m., 14 views

presscouncil.az IFRAME Injection vulnerability

Vulnerable URL: http://www.presscouncil.az/az/search.php?query= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2227385 VIP website status:| No Coordinated...

7.4 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:5 a.m., 14 views

androidappsgame.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-213269 Description| Value ---|--- Affected Website:| androidappsgame.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.7 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:3 a.m., 13 views

appsonplaystore.com IFRAME Injection vulnerability

Vulnerable URL: https://appsonplaystore.com/search?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 17.02.2017 Latest check for patch:| 17.02.2017 05:01 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 641759 VIP website status:| No...

7.3 AI score
Exploits: 0
Openbugbounty
added 2017/02/13 8:0 a.m., 9 views

girly.today IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-213267 Description| Value ---|--- Affected Website:| girly.today Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.7 AI score
Exploits: 0