Mail.ru: Reflected XSS @ games.mail.ru
Hi, I've found a reflected XSS in games.mail.ru. The vulnerable parameter is url in /r area. PoC - Visit the following URL and click on javascript:alertdocument.domain - Alert will popup with domain. https://games.mail.ru/r/?url=javascript:alertdocument.domain F115537 - Also, to show current...
ww.bankscattlecompany.com XSS vulnerability
Vulnerable URL: http://ww.bankscattlecompany.com/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculat...
sharp-world.com XSS vulnerability
Vulnerable URL: http://www.sharp-world.com/products/shsoven/contents/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
christinedeboosere.com XSS vulnerability
Vulnerable URL: http://www.christinedeboosere.com/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
Code injection
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site...
MyBB KingChat Plugin - Persistent XSS
No description provided by source. Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork inurl:/kingchat.php? you...
Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too many other actions outside of its...
csChat-R-Box Script Site Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting (XSS) Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered a vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of the vulnerable application. 1) Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
Overview: DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') DrayTek Vigor 2700 ADSL router version 2.8...
Dream Flash website management system FCMS v5. 9 newest vulnerabilities 0day-vulnerability warning-the black bar safety net
Dream Flash website management system FCMS v5. 9 the latest vulnerability 0day The database address: xmlEditor/database/@@@datas.mdb Background xmleditor/login. asp admin/admin Message database: guestbook/db/sywl. asp the cookie injected into the drain Vulnerability file: xml/text. asp...
MyBB KingChat Plugin Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
CVE-2012-2578
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
Unfixed XSS vulnerability at www.jettec.com
Security researcher NanoyMaster has submitted on 09/02/2010 a cross-site-scripting (XSS) vulnerability affecting www.jettec.com, which at the time of submission ranked 1023463 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...
CVE-2008-4382
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters...
CVE-2008-3950
Off-by-one error in the webdrawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakabl...
Unfixed XSS vulnerability at www.bargainoutfitters.com
Security researcher tenest has submitted on 28/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.bargainoutfitters.com, which at the time of submission ranked 181557 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It i...
CVE-2007-0148
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function...