133 matches found
Summary of some middleware vulnerabilities - vulnerability warning - the black bar safety net
Having been a spectator for a long time, I found that there has been no good summary article on middleware vulnerabilities. I have recently been studying this, so this only summarizes a small portion of common middleware vulnerabilities for learning reference; follow-up will complement the...
Stored Cross-Site Scripting Vulnerability in PigCMS Sitewide
PigCms, also known as Piggy CMS, is a multi-user PHP + MySQL based WeChat marketing source code program developed by Hefei Pisan Internet Information Technology Co. PigCMS has a stored cross-site scripting vulnerability throughout the site. After logging into the system, an attacker inserts malicio...
CVE-2017-11320
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...
Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
The "elegance" of Linux vulnerabilities: rare ways to bypass the ASLR and DEP protection mechanisms - vulnerability warning - the black bar safety net
Foreign researchers recently published exploit code that enables drive-by attacks against fully patched Fedora and other Linux systems, in order to install keyloggers, backdoors and other malicious software. This exploit targets a memory-corruption vulnerability in the GStreamer framework that...
Youku open platform stored XSS vulnerability successfully hijacks the backend - bug warning - the black bar safety net
Multiple fields in the "Create an application" feature of the Youku open platform do not safely escape variables submitted by the client when they are stored in the database and output. http://open.youku.com/app/create This allows direct access to the backend. Vulnerability...
New Tabbed Browsing Phishing Attack Exploits User Trust
A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...
man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)
Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...
Apache < 2.0.46 Multiple Vulnerabilities
Binary data 1443.prm...
CVE-2004-0675
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...
Internet Explorer >=5.0 : Buffer overflow
script wnd=open"about:blank","",""; wnd.moveToscreen.Width,screen.Height; WndDoc=wnd.document; WndDoc.open; WndDoc.clear; buffer=""; fori=1;i=127;i++buffer+="X"; buffer+="DigitalScream"; WndDoc.write"HR align='"+buffer+"'"; WndDoc.execCommand"SelectAll"; WndDoc.execCommand"Copy"; wnd.close; /scri...
Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion
source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitra...
[img]-vulnerability in vBulletin Version 2.2.2 & 2.2.1 & maybe older
Hi, I've discovered a vulnerability in vBulletin's img-tag implementation that allows users to inject vbs-code in posts and private messages ([img] is switched on by default). Through that, an attacker is able to steal other users' cookies and maybe hijack their accounts. The following code sends...