
5123 matches found

ThreatPost
added 2011/12/20 4:1 p.m., 91 views

Researchers Warn of New Windows 7 Vulnerability

Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter,...

CVSS 9.3, AI score 1.8, EPSS 0.99945
Exploits 33, References 3
seebug.org
added 2011/12/19 12:0 a.m., 30 views

Microsoft Internet Explorer IFRAME Loading Information Disclosure Vulnerability

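Bugtraq ID: 51065 CVE ID: CVE-2011-4689 Microsoft Internet Explorer is a popular web browser. A vulnerability exists in Microsoft Internet Explorer versions 6 through 9: during IFRAME loading attempts, it does not properly prevent the capture of data about the times of Same Origin Policy violations. A remote attacker who builds a web page containing malicious JavaScript code and lures a user into rendering it can determine which files are in the target user's browser cache 0 Microsoft Internet Explorer 7.0.5730 .11 Microsoft Internet Explorer 9 Microsoft...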

CVSS 5, AI score 6.4, EPSS 0.09965
Exploits 2
seebug.org
added 2011/12/18 12:0 a.m., 29 views

Google Chrome IFRAME Loading Information Disclosure Vulnerability

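Bugtraq ID: 51068 CVE ID: CVE-2011-4691 Google Chrome is a popular web browser. A vulnerability exists in Google Chrome 15.0.874.121 and earlier versions: during IFRAME loading attempts, it does not properly prevent the capture of data about the times of Same Origin Policy violations. A remote attacker who builds a web page containing malicious JavaScript code and lures a user into rendering it can determine which files are in the target user's browser cache. 0 Google Chrome = 15.0.874.121 Vendor solution: no detailed solution is currently available: http://www.google.com/chrome Test method...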

CVSS 5, AI score 0.1, EPSS 0.01129
Exploits 2
Packet Storm
added 2011/12/14 12:0 a.m., 23 views

i4Style Web Design SQL Injection / Cross Site Scripting

Title : i4Style web design SQL Injection / IFrame Injection + Author : AngelParrot + Vendor : http://i4style.com/ + Google Dork : inurl:webpage.php?PageID= "i4Style" + Exploit - http://example.com/webpage.php?PageID=SQL - http://example.com/webpage.php?PageID=IFrame + Example -...

AI score 0.3
Exploits 0
Exploit DB
added 2011/12/11 12:0 a.m., 24 views

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

FCMS2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...

AI score 7.4
Exploits 0
Prion
added 2011/12/07 7:55 p.m., 20 views

Design/Logic Flaw

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVSS 5, AI score 6.6, EPSS 0.01129
Exploits 2, References 3, Affected Software 1
UbuntuCve
added 2011/12/07 7:55 p.m., 18 views

CVE-2011-4688

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVSS 5, AI score 5.9, EPSS 0.01924
Exploits 1, References 1
Prion
added 2011/12/07 7:55 p.m., 21 views

Design/Logic Flaw

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVSS 5, AI score 6.9, EPSS 0.09965
Exploits 2, References 2, Affected Software 1
Cvelist
added 2011/12/07 7:0 p.m., 22 views

CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

AI score 6.3, EPSS 0.01249
Exploits 1, References 2
CVE
added 2011/12/07 7:0 p.m., 52 views

CVE-2011-4690

CVE-2011-4690 affects Opera 11.60 and earlier. The vulnerability arises because Opera does not prevent capturing timing data related to Same Origin Policy violations during IFRAME loading, enabling remote attackers to determine whether a document exists in the browser cache via crafted JavaScript...

CVSS 5, AI score 6.5, EPSS 0.01249
Exploits 1, References 2, Affected Software 1
CVE
added 2011/12/07 7:0 p.m., 50 views

CVE-2011-4688

CVE-2011-4688 affects Mozilla Firefox 8.0.1 and earlier. The issue enables an attacker to infer whether a document is present in the browser cache by observing data related to the timing of Same Origin Policy violations during iframe load attempts, via crafted JavaScript. The OpenVAS entries corr...

CVSS 5, AI score 9.1, EPSS 0.01924
Exploits 1, References 3, Affected Software 1
ThreatPost
added 2011/12/05 12:4 a.m., 8 views

Yahoo Messenger Exploit Changes Status Messages

Security researchers at BitDefender are warning users about a new Yahoo! Messenger vulnerability that allows an attacker to change victims’ status updates. According to the security firm, the situation has been exploited in the wild to target version 11.x of the Messenger client. The vulnerabilit...

AI score 0.7
Exploits 0, References 3
xssed
added 2011/11/13 12:0 a.m., 12 views

Unfixed XSS vulnerability at www.bravo.ee

Security researcher secrgb has submitted on 13/11/2011 a cross-site-scripting (XSS) vulnerability affecting www.bravo.ee, which at the time of submission ranked 14207079 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...

Exploits 0, References 1
0day.today
added 2011/10/05 12:0 a.m., 49 views

Opera 10/11 (bad nesting with frameset tag) Memory Corruption

Exploit for windows platform in category remote exploits Exploit for Opera 10/11 bad nesting with frameset tag Memory Corruption Vulnerability: Discovered: 2010-08-18 Patched: 2011-05-18 Tested on: v10.xx v10.00, v10.01, v10.10, v10.50, v10.51, v10.52, v10.53, v10.54, v10.6, v10.61, v10.62 and...

AI score 7.1, EPSS 0.13281
Exploits 5
The Hacker News
added 2011/09/26 5:39 p.m., 2 views

Mysql.com hacked, serving BlackHole exploit malware

Mysql.com hacked, serving BlackHole exploit malware MySQL.com website is currently hacked and compromised with a JavaScript malware and serving malware to anyone visiting it. The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to...

AI score 6.9
Exploits 0
The Hacker News
added 2011/09/26 5:39 p.m., 7 views

Mysql.com hacked, serving BlackHole exploit malware

Mysql.com hacked, serving BlackHole exploit malware MySQL.com website is currently hacked and compromised with a JavaScript malware and serving malware to anyone visiting it. The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to...

AI score 6.7
Exploits 0
seebug.org
added 2011/09/25 12:0 a.m., 16 views

MHTML Mime-Formatted Request Vulnerability

No description provided by source. MHTML Mime-Formatted Request Vulnerability Again Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2011/09/23 Release: http://www.80vul.com/mhtml/mhtml-again.txt Overview: After MS11-057,I tested and found "MHTML Mime-Formatted Request Vulnerability"...

AI score 7.1
Exploits 0
The Hacker News
added 2011/08/16 8:10 p.m., 10 views

Iframe Vulnerability in Google App Engine (Appspot)

Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit" has found an Iframe Vulnerability in the Contact Desk page of Google App Engine Appspot. 1 Proof of Concept : Click Here 2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's...

AI score 6.7
Exploits 0
The Hacker News
added 2011/08/16 8:10 p.m., 3 views

Iframe Vulnerability in Google App Engine (Appspot)

Iframe Vulnerability in Google App Engine Appspot An Indian Hacker "Ethical Mohit" has found an Iframe Vulnerability in the Contact Desk page of Google App Engine Appspot. 1 Proof of Concept : Click Here 2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's...

AI score 7.1
Exploits 0
OpenVAS
added 2011/08/09 12:0 a.m., 38 views

CentOS Update for seamonkey CESA-2011:0473 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 10, AI score 8.5, EPSS 0.70005
Exploits 5, References 2