IFRAME sandbox same-origin access through redirect — Mozilla
Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an IFRAME sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval...
UBUNTU-CVE-2014-1552
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect; MFSA 2014-65 Certificate parsing broken by non-standard character encoding; MFSA 2014-64 Crash in Skia library when scaling high quality images; MFSA 2014-63 Use-after-free while when manipulating...
Simple Machines Forum <= 1.1.7 - CSRF/XSS/Package Upload
No description provided by source. Author: Xianur0 Vulnerable Version: All The Bug is located in the file: Sources/PackageGet.php Example: http://victm.com/index.php?action=packageget;sa=browse;absolute=http://attacker.com When the admin link between the SMF to load the file:...
CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x
No description provided by source. Exploit Title: Persistent XSS in wysiwyg CKEditor 4.1 Drupal 6.x & 7.x Date: 15/05/2013 Exploit Author: r0ng Vendor Homepage: http://www.websitesecurityscan.net, http://www.hackers2devnull.blogspot.co.uk Software Links: http://ckeditor.com/release/CKEditor-4.0.3...
pilot cart 7.3 - Multiple Vulnerabilities
No description provided by source. Title: ASPilot Pilot Cart 7.3 multiple vulnerabilities Date: 07.11.2010 Author: Ariko-Security Software Link: http://www.pilotcart.com Version: 7.3 CVE Reference: CVE-2008-2688 only 1 SQL injection EDB-ID: 5765 only 1 SQL injection Ariko-Security: Security Audit...
Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content...
Edimax AR-7084GA Router CSRF + Persistent XSS Exploit
No description provided by source. ?php / Edimax AR-7084GA Router CSRF + Persistent XSS Exploit Firmware version: 2.9.8.1RUE0.C2A3.7.6.1 Vulnerable page: http://xx.xx.xx.xx/advanced/advnatvirsvr.htm Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co....
Shop a la Cart Multiple Vulnerabilities
No description provided by source. Exploit Title: Multiple vulnerabilities in SHOP A LA CART Date: 03.09.2010 Author: Ariko-Security Software Link: http://shopalacart.com Version: ALL Tested on: ALL CVE : n/a Ariko-Security: Security Audits, Audyt bezpieczeństwa Advisory: 728/2010 ============...
PHPSelect Submit-A-Link HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17348/info Submit-A-Link is prone to an HTML-injection vulnerability. The script fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code woul...
Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...
Opera Web Browser 7.5x IFrame OnLoad Address Bar URL Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10679/info Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. It is currently not known if this issue is related to the Opera Web Browser Address Bar...
Multiple Mozilla Products IFRAME JavaScript Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16770/info Multiple Mozilla products are prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an...
KDE Konqueror 3.5 JavaScript IFrame Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22814/info KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation. An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in...
Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability
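... Opera is a web browser developed and maintained by Opera Software; it runs on Linux and Unix operating systems as well as on Microsoft Windows. ... Opera has a vulnerability in how it handles the browser same-origin policy, which can allow a remote attacker to execute script code in a different frame of the user's browser. ... Opera allows JavaScript to modify the Location property of an IFRAME or FRAME contained in a document; if the Location of an IFRAME or FRAME is set to JavaScript:...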
Opera Web Browser 7.0 - Remote IFRAME Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10081/info A denial of service vulnerability has been reported to affect Opera Web Browser. The issue is reported to present itself when Opera attempts to render IFRAME HTML tags that contain an invalid source argument. A...
Microsoft Internet Explorer 6.0 Resource Detection Weakness
No description provided by source. source: http://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within...
Invision Power Board 1.x/2.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, ...
Mozilla Firefox 1.0.6/1.0.7 IFRAME Handling Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15015/info Mozilla Firefox is prone to a remote denial of service vulnerability. The vulnerability presents itself when an affected browser handles a specially crafted IFRAME. A successful attack may result in crashing th...
Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29318/info Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe. Successful exploits can allow attackers to crash the affected browser...