25 matches found

0day.today
added 2023/03/28 12:0 a.m., 306 views

Google Chrome 109.0.5414.74 Unsafe Library Load Vulnerability

Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to t...

7.7 AI score
Exploits: 0
ThreatPost
added 2020/10/20 1:0 p.m., 40 views

Mobile Browser Bugs Open Safari, Opera Users to Malware

A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common Apple Safari, Opera...

1.4 AI score, 0.00823 EPSS
Exploits: 0, References: 2
Packet Storm
added 2016/06/12 12:0 a.m., 31 views

Microsoft Internet Explorer 11 XSS Filter Bypass

Vulnerability: IE 11 XSS Filter Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rafayhackingarticles.net version: Latest Description Internet explorer 11 Suffers from a XSS Filter bypass using cp1025 charset. This is highly effective when the charset has not been...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/10/06 12:0 a.m., 21 views

Shell Shock Auto Exploitation Script

Title: Shell Shock Auto Exploitation Script Author: Rafay Baloch import requests,sys if lensys.argv 2: print "Usage: shocktest.py file.txt" exit0 def main: file = sys.argv1 with openfile as f: file = f.read.splitlines for url in file: cmd=" test;;/bin/nopatchobfu" headers = 'user-agent': cmd...

0.4 AI score
Exploits: 0
0day.today
added 2014/09/04 12:0 a.m., 41 views

Android Browser Same Origin Policy Bypass Vulnerability

A SOP bypass occurs when a sitea.com is somehow able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, this is very rarely found in modern browsers. However, they are found once in a while. Vulnerability: Android...

7 AI score
Exploits: 0
0day.today
added 2014/09/04 12:0 a.m., 26 views

Google Chrome 31.0 XSS Auditor Bypass Vulnerability

Google chrome XSS auditor was found prone to a bypass when the user input passed through location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an...

6.6 AI score
Exploits: 0
Packet Storm
added 2014/09/01 12:0 a.m., 30 views

Google Chrome 36.0 XSS Auditor Bypass

Vulnerability: Google Chrome 36.0 XSS Auditor Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rhainfosec.com version: Latest Description Google chrome XSS auditor was found prone to a bypass when the user input passed through location.hash was being written to the...

0.5 AI score
Exploits: 0
0day.today
added 2014/04/30 12:0 a.m., 38 views

Lavarel-Security XSS Filter Bypass Vulnerability

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability. Product: Lavarel-Security XSS Filter Bypass Vulnerability: Mutation Based XSS Bypass Impact: Medium/High Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com Status: Fixed ========= Description...

6.8 AI score
Exploits: 0
Packet Storm
added 2013/11/30 12:0 a.m., 26 views

Joomla JMultimedia Command Execution

!/usr/bin/perl Exploit Title: comjmultimedia Remote Command Execution Author: Deepankar Arora and Rafay Baloch Vendor: http://joomlacode.org/gf/project/denvideo/ Enter the target in this form -- http://victim.com/ Change shell path to your own, if needed use LWP::UserAgent; use HTTP::Request;...

0.2 AI score
Exploits: 0
Packet Storm
added 2013/11/20 12:0 a.m., 24 views

WordPress Pretty Photo Cross Site Scripting

Wp-Pretty Photo DOM Based XSS Vulnerability Details ======= Product: PrettyPhoto Plugin Security-Risk: Moderate Remote-Exploit: yes Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Vendor-URL: https://github.com/scaron/prettyphoto Vendor-Status: informed Advisory-Status:...

7.4 AI score
Exploits: 0
Packet Storm
added 2013/11/06 12:0 a.m., 29 views

OWASP Java Encoder Filter Bypass

Product: OWASP Java Encoder Vulnerability: Mutation Based XSS Bypass Impact: Medium/Limited Authors: Rafay Baloch And Alex Infuhr Company: RHAinfoSEC Website: http://services.rafayhackingarticles.net Status: To be fixed in the next release ========= Description ========= Owasp encoder is an...

Exploits: 0
0day.today
added 2013/09/02 12:0 a.m., 24 views

Modsecurity Cross Site Scripting Bypass Vulnerability

Modsecurity suffers from a cross site scripting bypass vulnerability. Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall i...

6.8 AI score
Exploits: 0
Packet Storm
added 2013/08/31 12:0 a.m., 28 views

Modsecurity Cross Site Scripting Bypass

Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall is one of the most known WAF around, It has an online smoke test where w...

Exploits: 0
Packet Storm
added 2013/06/30 12:0 a.m., 57 views

Xorbin Analog Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Analog Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...

4.1 CVSS, 0.6 AI score, 0.0245 EPSS
Exploits: 3
Packet Storm
added 2013/06/30 12:0 a.m., 25 views

Xorbin Digital Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Digital Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays digital flash clock on your website. It's easy to use and...

0.2 AI score, 0.01251 EPSS
Exploits: 2
Packet Storm
added 2013/06/30 12:0 a.m., 79 views

Xorbin Analog Flash Clock 1.0 For Joomla XSS

==================================================================== Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...

4.1 CVSS, 0.3 AI score, 0.0245 EPSS
Exploits: 3
Packet Storm
added 2013/06/23 12:0 a.m., 18 views

CyberKendra Search Bar Cross Site Scripting

RHA InfoSec CyberKendra Search Bar Script DOM Based XSS Vulnerability Details ============= Risk: Moderated Vendor-URL: http://www.cyberkendra.com/ Credits ============= Discovered by: Rafay Baloch And Prakhar Prasad of RHA InfoSec Blog: http://rafayhackingarticles.net Description ============...

Exploits: 0
Packet Storm
added 2013/06/01 12:0 a.m., 18 views

HtmlCommentBox Cross Site Scripting

Exploit Title: HtmlCommentBox Multiple Vulnerabilities Release Date: 01/06/2013 Author: Rafay Baloch And Deepankar Arora Website: www.rafayhackingarticles.net Contact: www.rafayhackingarticles.net Vendor: www.htmlcommentbox.com Versions Affected: All Google Dork: intext:"by HtmlCommentBox" 1...

7.4 AI score
Exploits: 0
Packet Storm
added 2013/04/18 12:0 a.m., 18 views

Fork CMS Cross Site Scripting

=================================================================================== Fork-CMS Stored XSS: Stored XSS: Author: Rafay Baloch Introduction: Cross Site scripting XSS has been a problem for ages, XSS occurs when the input data is copied into application responses without being sanitized...

7.4 AI score
Exploits: 0
Packet Storm
added 2013/03/08 12:0 a.m., 24 views

Your Own Classifieds Cross Site Scripting

Vendor: http://www.yourownclassifieds.com Description: Your own classified software is a script that helps you creates your own store. Discovered by: Rafay Baloch Vulnerability: Non persistent XSS The script fails to sanitize the input that is entered into the text box resulting into a XSS. POC:...

7.4 AI score
Exploits: 0