132 matches found
CVE-2017-5387
CVE-2017-5387 affects Mozilla Firefox (pre-51). Root cause: local-file existence can be inferred via double firing of onerror when a TRACK tag references a non-existent source loaded locally. Impact: disclosure of local file existence; no explicit exploitation details provided in the sources. Aff...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
IRCCloud: [IRCCloud Android] XSS in ImageViewerActivity
Hi, I'd like to report HTML/JS injection in activity com.irccloud.android.activity.ImageViewerActivity which is exported: xml so can be launched by arbitrary apps installed on the same device. On the newest Androids could be exploited also by Android Instant Apps directly from a web-browser...
UBUNTU-CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
pagesjaunes.ca XSS vulnerability
Vulnerable URL: http://www.pagesjaunes.ca/locations/Alberta/landmarks-1%3Cvideo%3E%3Csource%20onerror=%22javascript:prompt%28'XSSPOSED'%29%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
ds36.ru XSS vulnerability
Vulnerable URL: http://www.ds36.ru/firms/?text=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1783484 Google Pagerank| 1 VIP...
Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/3779/info Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster. When script code includes a file outside of the document it is embedded in and the file...
discuz x3.0 20130801版本发表日志可xss
简要描述: 论坛开启日志功能的情况下,发表日志,在引入网络图片时可以实现xss。 详细说明: 一、详细说明: 1、论坛开启日志功能。 2、用户登录后打开日志功能。 3、发表日志,在引入网络图片时可以实现xss。 在ubuntu12.04LTS下搭建的apache2+php+mysql环境下,使用一切默认设置可以再现此漏洞,但我使用win2003时,之前能够再现,在没有更新配置的情况下发现今天不可再现此漏洞,onerror被替换成了点(.) 漏洞证明: 1、登录后打开日志模块。 2、发表日志,内容如下: 3、单击提交 4、提交日志后再浏览日志。...
绕过startbbs防御继续盲打管理员(两种方法)
简要描述: startbbs已经对xss有过滤措施,但是有办法绕过。这里我依然以官方为demo作为测试,因为官方的是最新版。 详细说明: 问题出现在发帖的正文文本框:盲打的概率非常高的。 测试了常规的html代码,发现只剩下img标签,其他的都被过滤了,因此可以在img上能发挥作用的只有on系列的事件了。 测试尝试和之前那样 发布上面的代码,发现过滤成下面这样: 尝试用javascript:伪协议去触发:但是又被过滤成这样: 也就是常规的在敏感字符那加入x 来让事件等功能失效。 到了这一步,暂时没有了头绪。 过了几天之后忽然想到之前新浪邮箱的过滤方式也是如此。...
Reflected XSS in 'where' param of doSearchSite
Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...
CVE-2013-1095
Cross-site scripting XSS vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management ZCM 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event...
CVE-2013-1095
CVE-2013-1095 concerns a cross-site scripting (XSS) vulnerability in the ZENworks Configuration Management (ZCM) 11.2 line, specifically in a ZCC page within njwc.jar. The issue arises from improper validation of onError-event input, allowing remote attackers to inject arbitrary web script or HTM...
CVE-2013-1086
Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...
Cross site scripting
Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...
CVE-2013-1086
CVE-2013-1086 is a Cross-site scripting (XSS) vulnerability in WebAccess of Novell GroupWise prior to 8.0.3 HP3, and 2012 prior to SP2. The issue permits remote attackers to inject arbitrary web script or HTML via onError attribute vectors. Connected documents confirm the affected product (Novell...
Mozilla Cross-origin data leakage from script filename in error messages
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...
Mozilla Cross-origin data leakage from script filename in error messages
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...
Mozilla Cross-origin data leakage from script filename in error messages
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...
Firefox Cross-domain data theft via script redirect error message
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...