179 matches found

OpenVAS
added 2016/12/08 12:0 a.m. | 18 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2016:3032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 AI score
Exploits: 0 | References: 1

OpenVAS
added 2016/12/08 12:0 a.m. | 30 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2016:3038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 8 AI score | 0.02891 EPSS
Exploits: 1 | References: 1

OPENSUSE Linux
added 2016/12/07 3:11 p.m. | 29 views

Security update for roundcubemail (important)

roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...

0.3 AI score | 0.02891 EPSS
Exploits: 1 | References: 4

OPENSUSE Linux
added 2016/12/07 3:7 p.m. | 23 views

Security update for roundcubemail (important)

This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A maliciousl...

0.5 AI score
Exploits: 0 | References: 3

Hacker One
added 2016/08/27 8:33 p.m. | 9 views

Legal Robot: Click Jacking

Hey legalRobot! I have found Click Jacking type of Vulnerability in your Website Now The Question is What is Click Jacking. Click Jacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what...

7 AI score
Exploits: 0

Japan Vulnerability Notes
added 2016/01/27 12:0 a.m. | 55 views

JVN#54686544: HOME SPOT CUBE multiple vulnerabilities

HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below. Cross-site scripting - CVE-2016-1136 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

7.5 CVSS | 6.7 AI score | 0.01254 EPSS
Exploits: 0

Cisco
added 2016/01/05 7:30 a.m. | 43 views

Cisco Prime Infrastructure Frame Injection Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

4.3 CVSS | 5 AI score | 0.00875 EPSS
Exploits: 0 | References: 1

Cisco
added 2015/07/14 3:55 p.m. | 27 views

Cisco Identity Services Engine Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

4.3 CVSS | 6.5 AI score | 0.01164 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/20 12:0 a.m. | 33 views

SUSE SLED10 / SLES10 Security Update : Samba (SUSE-SU-2013:0325-1)

The Samba Web Administration Tool SWAT in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery CVE-2013-0214 and a click-jacking attack CVE-2013-0213. This has been fixed. Additionally a bug in mount.cifs has been fixed which could have lead to file disclosure CVE-2012-1586...

5.1 CVSS | 6.5 AI score | 0.03248 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2015/03/17 12:0 a.m. | 139 views

IBM WebSphere Application Server 7.0 < Fix Pack 37 Multiple Vulnerabilities (POODLE)

The IBM WebSphere Application Server running on the remote host is version 7.0 prior to Fix Pack 37. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles...

5 CVSS | 6.4 AI score | 0.99999 EPSS
Exploits: 10 | References: 16

Tenable Nessus
added 2015/02/18 12:0 a.m. | 334 views

IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)

The remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. CVE-2013-5704,...

7.1 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits: 13 | References: 20

Tenable Nessus
added 2015/01/07 12:0 a.m. | 433 views

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)

The IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service...

6.8 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 12 | References: 22

0day.today
added 2014/09/23 12:0 a.m. | 25 views

Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking Vulnerabilities

Get Simple CMS version 3.3.3 suffers from cross site request forgery, clickjacking, and various cross site scripting vulnerabilities. Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows ...

6.8 AI score
Exploits: 0

Packet Storm
added 2014/09/23 12:0 a.m. | 21 views

Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking

Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows 7 Version : 3.3.3 Description: Get Simple CMS v 3.3.3 is susceptible to multiple vulnerabilities such as CSRF, Click-jacking, DOM base...

0.6 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

phpwcms <= 1.5.4.6 "preg_replace" - Multiple Vulnerabilities

No description provided by source. ?php / phpwcms = v1.5.4.6 pregreplace remote code execution exploit vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms by: aeon Well it appears there are multiple remote code execution bugs that exists in phpwcms for quite some time now. Here I...

7.1 AI score
Exploits: 0

Hacker One
added 2014/06/26 6:22 p.m. | 20 views

Factlink: Click-Jacking due to missing X-frame header

Hey there I found out that you have missing X-frame header which allows click jacking in your website...

1.7 AI score
Exploits: 0

Tenable Nessus
added 2014/06/11 12:0 a.m. | 30 views

Mozilla Thunderbird < 24.6 Multiple Vulnerabilities

Binary data 8292.prm...

10 CVSS | 9.8 AI score | 0.06381 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2014/06/06 12:0 a.m. | 34 views

Opera < 22 Multiple Chromium Vulnerabilities

The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium : - Use-after-free errors exist related to 'styles' and 'SVG' handling. CVE-2014-1743, CVE-2014-1745 - An integer overflow...

7.5 CVSS | 7.2 AI score | 0.01954 EPSS
Exploits: 1 | References: 12

Tenable Nessus
added 2014/05/21 12:0 a.m. | 45 views

Google Chrome < 35.0.1916.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to 'styles' and 'SVG' handling. CVE-2014-1743, CVE-2014-1745 - An integer overflow error exists relate...

7.5 CVSS | 7.3 AI score | 0.01954 EPSS
Exploits: 1 | References: 10

myhack58
added 2014/04/23 12:0 a.m. | 26 views

Discuz! X A XSS-vulnerability warning-the black bar safety net

Self XSS + Click Jacking == storage type XSS http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads, the page has a hidden form"title", you can GET submitted, the Management click"Submit"after the trigger. Because it is a Self XSS, bad use, and Discuz the background i...

0.2 AI score
Exploits: 0