[Full-disclosure] Konqueror DoS Via JavaScript Read Of FTP Iframe
Summary: Konqueror crashes if JavaScript code tries to read the source of a child iframe which is set to an ftp:// URL. Impact: It is possible for malicious websites to crash Konqueror and possibly other applications which rely on KJS. Details: The KDE JavaScript implementation, KJS, has been found to...
KDE Konqueror 3.5 - JavaScript IFrame Denial of Service
source: https://www.securityfocus.com/bid/22814/info KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation. An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions...
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service
Demo of how to make Konqueror 3.5.5 crash by [email protected]. Simply load this file in Konqueror. Vulnerable versions should segfault instantly with a null pointer exception. readiframe = function(iframename) { var banner = document.getElementById(iframename).contentWindow.document.body.innerHTML;...
CVE-2006-7065
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference...
CVE-2006-7022
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe...
CVE-2006-7022
The CVE-2006-7022 entry concerns fx-APP 0.0.8.1, where the Tools module allows remote attackers to misrepresent a web page’s contents by supplying an arbitrary URL in the url parameter to the showhtml action of index.php, causing that URL to render inside an iframe. The available description expl...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."...
CVE-2007-0660
The CVE-2007-0660 issue affects the DotNetNuke (DNN) IFrame module prior to version 03.02.01. The vulnerability stems from improper validation of user-supplied input in the pass-through values, leaving them unfiltered and susceptible to XSS. A remote attacker can exploit this by using crafted URL...
CVE-2007-0192
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...
CVE-2007-0192
The CVE-2007-0192 CSRF vulnerability affects MKPortal’s admin.php in the save_main operation (ad_perms) where an attacker can induce privilege changes. The issue is exposed via a crafted getURL in a .swf loaded in an IFRAME, enabling remote modification of privilege settings (All Guests are Admin...
phpBB 2.0.21 - privmsg.php HTML Injection
phpBB 2.0.21 - privmsg.php HTML Injection source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...
phpBB (privmsg.php) XSS Exploit
phpBB privmsg.php XSS Exploit By: Demential Web: http://headburn.altervista.org E-mail: [email protected] PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...
CVE-2007-0099
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous...
CVE-2007-0099
CVE-2007-0099 describes a race condition in Microsoft XML Core Services 3.0 (MSXML3) used by Internet Explorer 6 and other apps. The flaw can be triggered by many nested XML tags in an IFRAME when synchronous rendering is disrupted by asynchronous events (e.g., JavaScript timers), leading to NULL...
ffoxdie.txt
= 9 setTimeout'foo',3000; else if counter = 6 setTimeout'foo',200; else setTimeout'foo',1000; counter++; else document.getElementById'foo'.src = "http://lcamtuf.coredump.cx/ffoxdieok.html"; // -- Tyger, Tyger. burning bright In the forests of the night, What immortal hand or eye Could frame thy...
Beware of being hacked: use the eWebEditor online editor with caution - vulnerability warning - the black bar safety net
Popular kinds of website on the network are news sites, forums, e-malls and blogs. These systems all need functions such as setting text size and color and inserting images, so there are corresponding third-party components on the network that provide these functions, such...
security flaw
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...