GreyMagic Software

17 exploits Active since May 2002
EIP-2026-118991 EXPLOITDB text WORKING POC
Opera 7.0 - History Object Information Disclosure
EIP-2026-118992 EXPLOITDB text WORKING POC
Opera 7.0 - JavaScript Console Attribute Injection
CVE-2002-0898 EXPLOITDB html WORKING POC
Opera Web Browser 6.0.1-6.0.2 - Unauthenticated Arbitrary File Upload via Input File Tag Newline Injection
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
EIP-2026-118989 EXPLOITDB text WORKING POC
Opera 7 - Image Rendering HTML Injection
EIP-2026-118990 EXPLOITDB text WORKING POC
Opera 7.0 - Error Message History Disclosure
CVE-2002-1254 EXPLOITDB text WRITEUP
Internet Explorer <6.1 - CSRF
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
CVE-2003-0446 EXPLOITDB text WRITEUP
Internet Explorer 5.5 and 6.0 - Cross-Site Scripting via XML Parse Error
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
CVE-2002-0648 EXPLOITDB text WORKING POC
Microsoft Internet Explorer <6.0 - Info Disclosure
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
EIP-2026-118835 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - Resource Detection
CVE-2005-1191 EXPLOITDB text WRITEUP
Windows Explorer < Windows 2000 - XSS
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
CVE-2002-1217 EXPLOITDB text WORKING POC
Internet Explorer 5.5 and 6.0 - Cross-Frame Scripting via Document Property Access
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
CVE-2002-0191 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 5.01, 5.5, 6.0 - Unauthenticated Arbitrary File Read via cssText Property
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
CVE-2003-0447 EXPLOITDB text WORKING POC
Internet Explorer 5.01-6.0 - Remote Code Execution via Custom HTTP Errors
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
CVE-2002-0189 EXPLOITDB text WORKING POC
Internet Explorer 6.0 - Cross-Site Scripting via Local HTML Resource
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
CVE-2002-1187 EXPLOITDB text WORKING POC
Internet Explorer 5.01-6.0 - Cross-Site Scripting via Frame or IFrame Element
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
EIP-2026-104021 EXPLOITDB text WORKING POC
Opera Web Browser 7.5 - Resource Detection
EIP-2026-103839 EXPLOITDB text WRITEUP
Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass