Thor Larholm

9 exploits, active since Jun 2001
CVE-2002-0148 EXPLOITDB text WORKING POC
Microsoft Internet Information Server - XSS
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
EIP-2026-118840 EXPLOITDB text WRITEUP
Microsoft Internet Explorer 6 - URI Handler Restriction Circumvention
CVE-2002-0723 EXPLOITDB text WORKING POC
Microsoft Internet Explorer <6.0 - XSS
Microsoft Internet Explorer 5.5 and 6.0 do not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
CVE-2007-3186 EXPLOITDB html WORKING POC
Apple Safari - Access Control
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
EIP-2026-118276 EXPLOITDB html WORKING POC
Apple Safari 3 for Windows Beta - Remote Command Execution
CVE-2001-0322 EXPLOITDB html WORKING POC
Microsoft Internet Explorer - Denial of Service
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVE-2007-1947 EXPLOITDB html WORKING POC
Firebug <1.04 - XSS
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
CVE-2007-3670 EXPLOITDB text WORKING POC
Microsoft Internet Explorer - XSS
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
EIP-2026-100233 EXPLOITDB text WORKING POC
CPaint 1.3 - xmlhttp Request Input Validation