Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut aka .lnk file for display within an IFRAME...

WordPress iFrame Admin Pages Plugin 'url' Parameter XSS Vulnerability

WordPress with iFrame Admin Pages Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

WordPress iFrame Admin Pages 0.1 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...

WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/53522/info The iFrame Admin Pages plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

X7 Chat 2.0.5.1 - Cross-Site Request Forgery (Add Admin)

Exploit Title: X7 Chat 2.0.5.1 CSRF Add Admin Exploit Google Dork: intitle:"Chat Room" "Powered By X7 Chat 2.0.5" Date: 09.05.2012 Author: DennSpec Software Link: http://x7chat.com/releases/v2/x7chat2051.zip Version: Replace http://xxxxxxxxx.com/x7path/ to your target url. Dont forget replace...

php-decoda Cross-Site Scripting in Video Tags

Exploit for php platform in category web applications Advisory: php-decoda: Cross-Site Scripting in Video Tags RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda ...

Opera Browser 'SRC' Denial of Service Vulnerability (Mac OS X)

The host is installed with Opera browser and is prone to denial of service Vulnerability. OpenVAS Vulnerability Test $Id: gboperasrciframedosvulnmacosx.nasl 6018 2017-04-24 09:02:24Z teissa $ Opera Browser 'SRC' Denial of Service Vulnerability Mac OS X Authors: Madhuri D Copyright: Copyright c 20...

Opera Browser 'SRC' Denial of Service Vulnerability - Mac OS X

Opera browser is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome < 18.0.1025.151 Multiple Vulnerabilities

Binary data 6403.pasl...

Google Chrome < 18.0.1025.151 Multiple Vulnerabilities

Binary data 800927.prm...

Opera Browser 'SRC' Denial of Service Vulnerability - Linux

Opera browser is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Opera Cache History Information Disclosure Vulnerability (Linux)

The host is installed with Opera and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gboperacachehistoryinfodiscvulnlin.nasl 5999 2017-04-21 09:02:32Z teissa $ Opera Cache History Information Disclosure Vulnerability Linux Authors: Rachana Shetty Copyright:...

Google Chrome < 18.0.1025.151 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 18.0.1025.151 and is, therefore, affected by the following vulnerabilities : - An out-of-bounds read issue exists related to 'Skia' clipping. CVE-2011-3066 - An error exists related to cross-origin iframe replacement...

idev Game Site CMS v1.0 - Multiple Web Vulnerabilities

Document Title: =============== idev Game Site CMS v1.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=494 Release Date: ============= 2012-04-07 Vulnerability Laboratory ID VL-ID: ==================================== 494...

FreeBSD : chromium -- multiple vulnerabilities (057130e6-7f61-11e1-8a43-00262d5ed8ee)

Google Chrome Releases reports : 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hi...

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements...

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements...

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements...

CVE-2011-3067

Removed by vendor...

Stable and Beta Channel Updates

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame. This release fixes issues including: black screen on Hybrid Graphics system with GPU accelerated compositing enabled Issue: 117371 CSS not applied to element Issue: 114667 Regression...