This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
dc3cd815cea490d0b9d3e5420cb08f039d38532b17c625f368c3079ec2fe492dCertain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.
8ee97c6c137b092fb141c1b73dea46bcc91809906758777dbdcce9e2f67b0d2bThis Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.
b867c0785b780e6498eb0c3b8d27c20f4cec51a630404edc8bd0c545b8e1e652Month of Twitter Bugs - TweetMeme suffered from a reflected cross site scripting vulnerability.
a727948f3ae8cae320a68fe0f4b06d5f62bdbf9e36caa584d8753fedc1b6380aMonth of Twitter Bugs - Brightkite suffered from a reflected cross site scripting vulnerability.
dc304b2111a303fe988badb60b5e6514b7c250e477e30558871fbc1a7467a649Month of Twitter Bugs - TweetGrid suffered from a reflected cross site scripting vulnerability.
8895a1e102b54e7382e73861e7faa95b963552c81c213a287f40a3098f064728Month of Twitter Bugs - Twitturly suffered from a persistent cross site scripting flaw.
10d843ce9b1005e2fe1aca69514d7d331c21c1ea4778cd9c2efa8a4ac6120381Month of Twitter Bugs - TwitIQ suffered from cross site request forgery and cross site scripting vulnerabilities.
7be0a3d4416f7ed804c7757415cbe4c24a6a94509775e3e29239d0d9ad6f8390Month of Twitter Bugs - Twellow suffered from a reflected cross site scripting vulnerability.
4e86cd7810ff29be5c79806f01a4db208f5d7dfc0a096ee5fbc32af817627926Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.
65fb9c299abb8b929979fad6222bed58930a27ee64999561b72cba49ccc48252Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.
283cf7e1ae7038770924277e991ca2898b86c2b7153af6cd01f0d9b8a79318e5Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.
ac99bf0f99e3d52cee2f2163612083138e5101fe349bda2bad006174ab6c2e36Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflect cross site scripting vulnerability.
1aa2f141901738d38bfae80def5fd9ab666dedfd8d188000f20b7e448e099472Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.
0b17f72c1dc2da7cf4f3ff5dff5cc5f6a402f6b6e6707938de5e4e5b56ba5e54Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.
a58a9c6d750d535f4ccee264e486a17f7058af99920ca033e156007ce493340cMonth of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.
f28506907cd78635c4ac90b9095db2b20246930dc6c5c11faee949ae3b552812Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.
31ec4a5275c9326490446d0db51bcc2382ae41ebdae9b9e899f219a573d60baaOpera version 9.52 and 9.60 stored cross site scripting and remote code execution exploit. This is an expansion on the research performed by Security Assessment.
3016c77408b82807e6ba7f702b979b7b81a888b4e82825c954fa6666b48e5e53Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.
ab3b393d7e4b97e90d8aa5846710e4ffa6f5a62715e2e70336e0b5c2da459d67It appears that Mozilla Firefox version 2.0.0.11 suffers from an information spoofing attack via the basic authentication dialog box.
47f59d9aae591cbc74235ab2ddb5b49260a968d8b63446411d277d8f679abdb1Google Toolbar allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button.
23840b25b3fcacc6483afac763d595c2faf7a2d138ebdc52d35d1162be1072c7Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.
f504c0d2a3b3c5b7011788d04b9270b5fb977102c05e7325c709437fdd4fdc4dApple Quicktime with Internet Explorer .qtl version XAS remote exploit proof of concept.
de4404cb7f47bc2c5e0fcb7378ef9ef71fe35d3013f67082b48b39e11d466c91iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the parsing of the certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.
b72e8982684f82bb2ef8f850fc5b1d27c583c8eb479eac82601e2686a3b3bac8Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users.
b2b26c80e92ddc7107b42af7cd66181fbbf55544a6b52617ee681dde95781999
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed