CVE-2022-27220
Siemens SINEMA Remote Connect Server (all versions
CVE-2022-27219
Siemens SINEMA Remote Connect Server (all versions
CVE-2022-27219
A vulnerability has been identified in SINEMA Remote Connect Server (all versions < V3.0 SP2). The affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the server more prone to clickjacking, channel downgrade attacks a...
Siemens SINEMA Remote Connect Server security feature issue vulnerability
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A vulnerability caused by an improperly implemented security check for a standard exists in Siemens SINEMA Remote Connect...
Siemens SINEMA Remote Connect Server
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improperly Implemented Security Check for Standard 2. RISK EVALUATION The affected application is missing general HTTP security headers in the web servers...
Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary WebSphere liberty is vulnerable to Clickjacking that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server...
UI REDRESSING
Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...
Security Bulletin: Clickjacking vulnerability in IBM WebSphere Application Server affects Cloud Pak System
Summary A Clickjacking vulnerability has been identified in IBM WebSphere Application Server, a supporting product which is shipped as pattern type with Cloud Pak System. This Security bulletin applies to Cloud Pak System Software and Cloud Pak System Software Suite. Vulnerability Details Refer t...
UI Redressing
Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...
Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager
Summary IBM WebSphere Application Server WAS is shipped with IBM Security Identity Manager ISIM. Information about security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Rocket.Chat: Clickjacking at open.rocket.chat
The open.rocket.chat instance was found to have a misconfiguration issue with the "X-FRAME-OPTIONS" header, which could have allowed for clickjacking attacks. The issue was acknowledged and accepted by the Rocket.Chat team. However, they no longer accept vulnerability reports for their clients or...
EC-CUBE Improper Restriction of Rendered UI Layers or Frames
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...
GHSA-RWH8-H525-4JVJ EC-CUBE Improper Restriction of Rendered UI Layers or Frames
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...
Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web page that embeds a REST API endpoint in an...
GHSA-7XP8-7WQX-5HQX Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web page that embeds a REST API endpoint in an...
User Account Deletion and more via Clickjacking
Description As nakama console is not restricted from being loaded in an iframe, clickjacking attack is possible. Proof of Concept 1. Login to nakama console. 2. Save the following as an .html file and open it in the browser to see that the page loads into an iframe. html :"...
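Every entry above (the Jenkins REST API responses, the nakama console, the Rocket.Chat instance, the Siemens web server) comes down to one precondition: the response carries no effective framing restriction, so an attacker's page can load it in an iframe. The following is an added example, not code from any of the reports or projects listed: a Node.js function that decides from a response's headers alone whether a browser will let a page from one origin frame a resource from another, plus the minimal proof-of-concept page the reports describe. It assumes the modern browser rules that a CSP `frame-ancestors` directive, when present, overrides `X-Frame-Options`, and that `X-Frame-Options` values other than `DENY`/`SAMEORIGIN` (the obsolete `ALLOW-FROM`, malformed values) are not enforced; the header sets and URLs are constructed for illustration and are not captured from any real system.

```javascript
// Added example: evaluate whether a response may be framed cross-origin.
// Assumptions (not from the advisories above): CSP frame-ancestors takes
// precedence over X-Frame-Options; unknown X-Frame-Options values are treated
// as unenforced. The http->https upgrade rule for scheme-less host-sources is
// deliberately ignored to keep the matcher short.

function defaultPort(scheme) {
  return scheme === 'https' ? '443' : scheme === 'http' ? '80' : '';
}

// Match one CSP host-source or scheme-source expression against the framing origin.
function sourceMatches(expr, framer) {
  if (expr === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {               // scheme-source, e.g. "https:"
    return framer.protocol.toLowerCase() === expr.toLowerCase();
  }
  // host-source: [scheme://][*.]host[:port|:*]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const fScheme = framer.protocol.replace(':', '').toLowerCase();
  if (scheme && scheme.toLowerCase() !== fScheme) return false;
  const fHost = framer.hostname.toLowerCase();
  const h = host.toLowerCase();
  if (wildcard ? !fHost.endsWith('.' + h) : fHost !== h) return false;
  const fPort = framer.port || defaultPort(fScheme);
  if (port && port !== '*' && port !== fPort) return false;
  return true;
}

// headers: plain object of response headers (names matched case-insensitively).
// Returns true when a page at framerUrl is allowed to embed targetUrl.
function canBeFramed(headers, targetUrl, framerUrl) {
  const get = (name) => {
    const k = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return k ? headers[k] : undefined;
  };
  const target = new URL(targetUrl);
  const framer = new URL(framerUrl);
  const sameOrigin = target.origin === framer.origin;

  const csp = get('content-security-policy');
  if (csp) {
    const directive = csp.split(';').map((s) => s.trim()).find((s) => /^frame-ancestors\b/i.test(s));
    if (directive) {
      // An empty source list or 'none' allows nothing; 'self' allows only same-origin.
      return directive.split(/\s+/).slice(1).some((src) => {
        const s = src.replace(/^'|'$/g, '').toLowerCase();
        if (s === 'none') return false;
        if (s === 'self') return sameOrigin;
        return sourceMatches(src, framer);
      });
    }
  }
  const xfo = get('x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return sameOrigin;
    // Anything else (ALLOW-FROM, typos, conflicting lists) assumed unenforced.
  }
  return true; // no restriction at all: the clickjacking precondition in the reports above
}

// The minimal PoC page the reports describe: if the target renders inside this
// iframe, the framing restriction is missing.
function clickjackPoc(targetUrl) {
  const safe = String(targetUrl).replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return `<!doctype html><title>clickjacking poc</title>\n` +
    `<iframe src="${safe}" width="800" height="600" style="opacity:0.5"></iframe>`;
}

// Constructed sample header sets (illustrative, not captured from real systems).
const SAMPLES = {
  unprotectedApi: { 'Content-Type': 'application/json' },          // e.g. a REST endpoint with no framing headers
  xfoDeny: { 'X-Frame-Options': 'deny' },
  xfoSameOrigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  cspSelfAndPartner: {
    'X-Frame-Options': 'DENY',                                     // overridden by the CSP directive below
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
  },
};

function report(targetUrl, framerUrl) {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, h]) => [name, canBeFramed(h, targetUrl, framerUrl)]),
  );
}

console.log(JSON.stringify(report('https://ci.example/api/json', 'https://attacker.example/'), null, 2));
```

Run it with `node` to see which of the sample responses an attacker-controlled page could frame; in practice you would feed `canBeFramed` the headers from a real `fetch`/`curl -I` of the endpoint under test and, when it returns true, load `clickjackPoc(url)` in a logged-in browser to confirm the page actually renders in the frame.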
New Unpatched Bug Could Let Attackers Steal Money from PayPal Users
A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique...