This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
dc3cd815cea490d0b9d3e5420cb08f039d38532b17c625f368c3079ec2fe492d
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.
8ee97c6c137b092fb141c1b73dea46bcc91809906758777dbdcce9e2f67b0d2b
This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.
b867c0785b780e6498eb0c3b8d27c20f4cec51a630404edc8bd0c545b8e1e652
Month of Twitter Bugs - TweetMeme suffered from a reflected cross site scripting vulnerability.
a727948f3ae8cae320a68fe0f4b06d5f62bdbf9e36caa584d8753fedc1b6380a
Month of Twitter Bugs - Brightkite suffered from a reflected cross site scripting vulnerability.
dc304b2111a303fe988badb60b5e6514b7c250e477e30558871fbc1a7467a649
Month of Twitter Bugs - TweetGrid suffered from a reflected cross site scripting vulnerability.
8895a1e102b54e7382e73861e7faa95b963552c81c213a287f40a3098f064728
Month of Twitter Bugs - Twitturly suffered from a persistent cross site scripting flaw.
10d843ce9b1005e2fe1aca69514d7d331c21c1ea4778cd9c2efa8a4ac6120381
Month of Twitter Bugs - TwitIQ suffered from cross site request forgery and cross site scripting vulnerabilities.
7be0a3d4416f7ed804c7757415cbe4c24a6a94509775e3e29239d0d9ad6f8390
Month of Twitter Bugs - Twellow suffered from a reflected cross site scripting vulnerability.
4e86cd7810ff29be5c79806f01a4db208f5d7dfc0a096ee5fbc32af817627926
Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.
65fb9c299abb8b929979fad6222bed58930a27ee64999561b72cba49ccc48252
Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.
283cf7e1ae7038770924277e991ca2898b86c2b7153af6cd01f0d9b8a79318e5
Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.
ac99bf0f99e3d52cee2f2163612083138e5101fe349bda2bad006174ab6c2e36
Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflected cross site scripting vulnerability.
1aa2f141901738d38bfae80def5fd9ab666dedfd8d188000f20b7e448e099472
Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.
0b17f72c1dc2da7cf4f3ff5dff5cc5f6a402f6b6e6707938de5e4e5b56ba5e54
Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.
a58a9c6d750d535f4ccee264e486a17f7058af99920ca033e156007ce493340c
Month of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.
f28506907cd78635c4ac90b9095db2b20246930dc6c5c11faee949ae3b552812
Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.
31ec4a5275c9326490446d0db51bcc2382ae41ebdae9b9e899f219a573d60baa
Opera versions 9.52 and 9.60 stored cross site scripting and remote code execution exploit. This is an expansion on the research performed by Security Assessment.
3016c77408b82807e6ba7f702b979b7b81a888b4e82825c954fa6666b48e5e53
Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.
ab3b393d7e4b97e90d8aa5846710e4ffa6f5a62715e2e70336e0b5c2da459d67
It appears that Mozilla Firefox version 2.0.0.11 suffers from an information spoofing attack via the basic authentication dialog box.
47f59d9aae591cbc74235ab2ddb5b49260a968d8b63446411d277d8f679abdb1
Google Toolbar allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button.
23840b25b3fcacc6483afac763d595c2faf7a2d138ebdc52d35d1162be1072c7
Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.
f504c0d2a3b3c5b7011788d04b9270b5fb977102c05e7325c709437fdd4fdc4d
Apple QuickTime with Internet Explorer .qtl version XAS remote exploit proof of concept.
de4404cb7f47bc2c5e0fcb7378ef9ef71fe35d3013f67082b48b39e11d466c91
iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the parsing of certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.
b72e8982684f82bb2ef8f850fc5b1d27c583c8eb479eac82601e2686a3b3bac8
Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users.
b2b26c80e92ddc7107b42af7cd66181fbbf55544a6b52617ee681dde95781999