
5124 matches found

RedHat Linux
added 2007/10/08 8:11 a.m., 4 views

kdelibs KDE JavaScript denial of service (crash)

ecma/kjshtml.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference...

4.3 CVSS, 5.9 AI score, 0.08185 EPSS
Exploits 1, References 4

Packet Storm
added 2007/09/30 12:0 a.m., 30 views

gmailsteal_remote.scpt.txt

-- This script can be used to steal gmail's keychained password by injecting -- Javascripts into Safari. When executed it opens gmail's login page, reads -- saved password and sends it to a logging server by creating a hidden iframe -- into gmail's page. It can be easily modified to steal other...

7.4 AI score
Exploits 0

Packet Storm
added 2007/09/25 12:0 a.m., 22 views

hackflatnuke.txt

/ hackflatnuke.txt Tested on 2.6 FlatNuke version can work on 3 but it has to be modified With this trick you can steal/modify a flatnuke account by changing the password and all the profile or change your profile and become an admin Requirements: - You have to know the nickname of the account u...

7.4 AI score
Exploits 0

Packet Storm
added 2007/08/31 12:0 a.m., 19 views

telemark-xss.txt

Title : Telemark XSS Description : The Telemark telemark.com search engine is vulnerable to XSS Author : Tosser E-mail : [email protected] Proof :...

7.4 AI score
Exploits 0

Tenable Nessus
added 2007/08/15 12:0 a.m., 43 views

GLSA-200708-09 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the documen...

9.3 CVSS, 8.5 AI score, 0.05447 EPSS
Exploits 5, References 9

Prion
added 2007/08/08 2:17 a.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the...

4.3 CVSS, 6 AI score, 0.01028 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2007/08/08 2:17 a.m., 15 views

CVE-2007-4212

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the...

4.3 CVSS, 5.7 AI score, 0.01028 EPSS
Exploits 0, References 4

seebug.org
added 2007/07/20 12:0 a.m., 45 views

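Firefox about:blank IFRAME cross-domain access vulnerability

BUGTRAQ ID: 24286 CVECAN ID: CVE-2007-3089 Mozilla Firefox is a popular open-source web browser. Firefox has a vulnerability in the way it handles file loading; under certain circumstances a remote attacker may be able to use it to spoof the address bar, which facilitates phishing attacks. During the page-loading stage, or in the case of an about:blank frame, Firefox allows document.write to be used to replace an IFRAME. If the user opens a window from a script, the content of the newly opened window's frame can be spoofed for a short time while the page is loading, enabling phishing-type attacks. Mozilla Firefox 2.0.0.5 The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:...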

4.3 CVSS, 0.7 AI score, 0.02774 EPSS
Exploits 1

RedHat Linux
added 2007/07/19 2:46 a.m., 5 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

4.3 CVSS, 7.7 AI score, 0.02774 EPSS
Exploits 1, References 4

RedHat Linux
added 2007/07/19 2:33 a.m., 5 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

4.3 CVSS, 7.7 AI score, 0.02774 EPSS
Exploits 1, References 4

RedHat Linux
added 2007/07/19 1:54 a.m., 9 views

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

4.3 CVSS, 7.7 AI score, 0.02774 EPSS
Exploits 1, References 4

securityvulns
added 2007/07/15 12:0 a.m., 44 views

Session Riding and multiple XSS in WebCit

Vendor contacted: 2007-06-24 Affects: Webcit 7.11 Fixed: 2007-07-06 WebCit 7.11 1. Background WebCit is the webfrontend to administer and use Citadel, which is an open-source groupware server. 2. Session Riding 2.I. Problem Description It is possible for an attacker to execute actions in the name...

7.2 AI score
Exploits 0

myhack58
added 2007/07/14 12:0 a.m., 19 views

MPack with virtual hosting and PHP security-vulnerability warning-the black bar safety net

MPack is a PHP program developed by an organization calling itself the "Dream Coders Team". It contains a number of the latest exploit code, which can be used to attack remote hosts. Panda Labs first found it at the end of last year; at the time someone...

7.3 AI score
Exploits 0

Prion
added 2007/06/12 10:30 p.m., 24 views

Design/Logic Flaw

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI...

9.3 CVSS, 7.4 AI score, 0.04926 EPSS
Exploits 0, References 10, Affected Software 1

Cvelist
added 2007/06/12 10:0 p.m., 25 views

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI...

7.2 AI score, 0.04926 EPSS
Exploits 0, References 10

CVE
added 2007/06/12 10:0 p.m., 76 views

CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows is affected by a vulnerability where remote attackers can execute arbitrary commands via shell metacharacters in a URI found in the SRC attribute of an IFRAME, demonstrated with a gopher URI. The issue allows command execution through crafted URIs loaded in an ...

9.3 CVSS, 7.2 AI score, 0.04926 EPSS
Exploits 0, References 10, Affected Software 1

exploitpack
added 2007/06/12 12:0 a.m., 12 views

Apple Safari 3 for Windows - Protocol Handler Command Injection

Apple Safari 3 for Windows - Protocol Handler Command Injection source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to an...

0.8 AI score
Exploits 0

Exploit DB
added 2007/06/12 12:0 a.m., 28 views

Apple Safari 3 for Windows - Protocol Handler Command Injection

source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. Thi...

7 AI score
Exploits 0

Prion
added 2007/06/11 7:30 p.m., 17 views

Code injection

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

9.3 CVSS, 7.3 AI score, 0.01162 EPSS
Exploits 1, References 3

CERT
added 2007/06/08 12:0 a.m., 456 views

Mozilla Firefox allows cross-domain iframe access via JavaScript

Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...

4.3 CVSS, 8.9 AI score, 0.02774 EPSS
Exploits 1, References 13