Design/Logic Flaw
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory...
CVE-2011-2598
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory...
M86 Researchers Discover Short-Lived IE 0-Day
Researchers from M86 claim to have discovered a 0-day exploit for Internet Explorer that is being used in the wild, according to Avri Schneider, an M86 researcher. Writing for an M86 blog yesterday, Schneider said that the company’s team of researchers discovered a piece of JavaScript on the page...
Opera Web Browser 11.11 - Remote Crash
/* Opera 11.11 Remote Crash Software link: http://www.opera.com/download/ Tested on: Win32 XP Home SP3 CVE: null I'm too lazy to deeply analyze this, but I think it is just an unexploitable crash, so fjixvt dla klechisława i jego kosiarki :i */ var a = window.document.getElementById('bo0om'); var b =...
Microsoft Internet Explorer Cookie Hijacking Vulnerability
The host is installed with Internet Explorer and is prone to a cookie hijacking vulnerability. This NVT has been replaced by NVT secpodms11-057.nasl OID:1.3.6.1.4.1.25623.1.0.902613. OpenVAS Vulnerability Test $Id: gbmsie9cookiehijackingvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft...
Microsoft Internet Explorer Cookie Hijacking Vulnerability
The host is installed with Internet Explorer and is prone to a cookie hijacking vulnerability. OpenVAS Vulnerability Test $Id: gbmsiecookiehijackingvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft Internet Explorer Cookie Hijacking Vulnerability Authors: Sooraj KS Copyright: Copyright c 201...
Microsoft Internet Explorer Cookie Hijacking Vulnerability
Internet Explorer is prone to a cookie hijacking vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Cross site scripting
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrat...
Information disclosure
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...
[hack4sec] XSS: Reconnaissance in Force.
Author: Anton Kuzmin [email protected] Team: Hack4sec [email protected] Date: 30-05-2011 PDF version: Hello. In this article I want to present one non-standard example of using XSS vulnerabilities. At least, I have never before seen such things anywhere...
Geek.com Hacked, Found Hosting Exploit Kit
The security geeks at Geek.com were busy this weekend, after Web security firm zScaler found evidence that an exploit kit was using malicious iframe attacks to try to attack visitors to the company’s Web site, according to a Zscaler report Sunday. A post on the web security firm’s blog indicated...
A DNS suffix may lead to cross-domain security issues - vulnerability warning - the black bar safety net
We all know that dhcpd can set the client's DNS suffix. For example, if we set the DNS suffix to "sb.com", then when we visit www.sb.com, all clients that use the DHCP server will try the following sequence for resolution. Note: the text in green below represents the Main Domain Nam...
Goal.com Hacked, found to be serving malware!
According to Armorize, soccer news site Goal.com was recently found to be serving malware. "In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker specifically targeted and compromised Goal.com through a back-door that allowed the attacker to manipulate the site's...
seamonkey security update
CentOS Errata and Security Advisory CESA-2011:0473 Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) ba...
Mozilla crash from bad iframe source (MFSA 2011-12)
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
Critical: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Mozilla crash from bad iframe source (MFSA 2011-12)
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
Mozilla crash from bad iframe source (MFSA 2011-12)
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
Mozilla crash from bad iframe source (MFSA 2011-12)
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
Internet Explorer Malformed IFRAME Buffer Overflow (MS04-040; CVE-2004-1050)
Internet Explorer (IE) is a popular web browser developed by Microsoft Corporation. A buffer overflow vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is in the way Microsoft Internet Explorer parses certain parameters of an IFRAME tag. An attacker can exploit this...