5123 matches found

0day.today | added 2013/04/02 12:0 a.m. | 28 views

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...

7.1 AI score | Exploits: 0

Packet Storm | added 2013/04/01 12:0 a.m. | 30 views

WordPress FuneralPress 1.1.6 Cross Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...

7.4 AI score | Exploits: 0

Packet Storm | added 2013/03/19 12:0 a.m. | 29 views

ViewGit 0.0.6 Cross Site Scripting

Vulnerability Report Author: Matthew R. Bucci Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit "is a git web repository viewer that aims to be easy to set up and upgrade, light on dependencies, and comfortable to use."...

3.7 CVSS | 0.3 AI score | 0.03955 EPSS | Exploits: 6

OSV | added 2013/02/02 8:55 p.m. | 1 views

DEBIAN-CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

5.1 CVSS | 9.1 AI score | 0.03248 EPSS | Exploits: 0 | References: 1

ATTACKERKB | added 2013/02/02 8:55 p.m. | 0 views

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

5.1 CVSS | 5.6 AI score | 0.03248 EPSS | Exploits: 0 | References: 13

UbuntuCve | added 2013/02/02 12:0 a.m. | 28 views

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

5.1 CVSS | 6.8 AI score | 0.03248 EPSS | Exploits: 0 | References: 2

OpenVAS | added 2013/02/02 12:0 a.m. | 22 views

Debian Security Advisory DSA 2617-1 (samba - several issues)

Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. CVE-2013-0213: Clickjacking issue in SWAT An attacker can integrate a SWAT page into a...

5.1 CVSS | 0.03248 EPSS | Exploits: 0 | References: 1

ThreatPost | added 2013/01/31 7:13 p.m. | 8 views

Report: Mainstream Websites Host Majority of Malware

While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco’s annual security report released this week. Compromised websites hosting malicious Java and iFrame attacks and other malware far and...

7.4 AI score | Exploits: 0 | References: 3

CVE | added 2013/01/13 8:0 p.m. | 114 views

CVE-2013-0751

CVE-2013-0751 affects Mozilla Firefox on Android (before 18.0) and SeaMonkey (before 2.15). The root cause is that a touch event on an HTML document can be observed across multiple IFRAMEs, enabling information leakage and potentially cross-site scripting (XSS). The issue is noted in the Firefox/...

5.8 CVSS | 5.5 AI score | 0.01373 EPSS | Exploits: 0 | References: 7 | Affected Software: 1

ThreatPost | added 2012/12/17 7:9 p.m. | 9 views

WordPress Pingback Vulnerability Could Lead to DDoS Attacks

A pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks if the right script is run, according to web application security firm Acunetix. A pingback is technically something blog owners rely on to track w...

6.7 AI score | Exploits: 0 | References: 7

ThreatPost | added 2012/12/14 1:51 p.m. | 16 views

DDoS Attacks on Major US Banks Resurface

UPDATE — The group that claimed responsibility for large-scale distributed denial-of-service attacks against major U.S. banks in September and October has carried out another flurry of attacks that are still ongoing today. Izz ad-Din al-Qassam Cyber Fighters posted its latest threat on Pastebin,...

7.5 AI score | Exploits: 0 | References: 6

ThreatPost | added 2012/12/12 9:31 p.m. | 6 views

Joomla, WordPress Sites Hit by IFrame Injection Attacks

Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform. The SANS Internet Storm Center received numerous reports that Joomla sites, as well as...

0.5 AI score | Exploits: 0 | References: 3

NVD | added 2012/12/10 8:55 p.m. | 20 views

CVE-2012-6301

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...

5 CVSS | 6.4 AI score | 0.06448 EPSS | Exploits: 3 | References: 1

Prion | added 2012/12/10 8:55 p.m. | 22 views

Input validation

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...

5 CVSS | 7 AI score | 0.06448 EPSS | Exploits: 3 | References: 1 | Affected Software: 1

Cvelist | added 2012/12/10 8:0 p.m. | 26 views

CVE-2012-6301

The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element...

6.4 AI score | 0.06448 EPSS | Exploits: 3 | References: 1

OpenVAS | added 2012/12/07 12:0 a.m. | 20 views

GreenBrowser iframe Handling Double Free Vulnerability (Windows)

This host is installed with GreenBrowser and is prone to double free vulnerability. OpenVAS Vulnerability Test $Id: gbgreenbrowserdoublefreevulnwin.nasl 6022 2017-04-25 12:51:04Z teissa $ GreenBrowser iframe Handling Double Free Vulnerability Windows Authors: Rachana Shetty Copyright: Copyright c...

6.8 CVSS | 0.1 AI score | 0.03654 EPSS | Exploits: 1 | References: 3

OpenVAS | added 2012/12/03 12:0 a.m. | 45 views

64-bit Debian Linux Rootkit with nginx Doing iFrame Injection - Active Check

Debian Squeeze Linux Rootkit with nginx is prone to iframe injection. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx...

7.6 AI score | Exploits: 0 | References: 4

NVD | added 2012/11/26 10:55 p.m. | 16 views

CVE-2012-6041

Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...

6.8 CVSS | 7.5 AI score | 0.03654 EPSS | Exploits: 1 | References: 3

Prion | added 2012/11/26 10:55 p.m. | 11 views

Double free

Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...

6.8 CVSS | 8.1 AI score | 0.03654 EPSS | Exploits: 1 | References: 3 | Affected Software: 1

Cvelist | added 2012/11/26 10:0 p.m. | 23 views

CVE-2012-6041

Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe...

7.5 AI score | 0.03654 EPSS | Exploits: 1 | References: 3