in aces/loris
Description It is possible to perform a clickjacking attack due to the lack of frame restrictions such as X-Frame-Options: DENY Proof of Concept Tested :: https://demo.loris.ca/ https://drive.google.com/file/d/1oSi2JpYnPjjoL6QvhFnsHcTD94KMzKBj/view?usp=sharing Impact Clickjacking is an...
UPchieve: Clickjacking login page of https://hackers.upchieve.org/login
Hello, you have discovered this unprotected login page https://hackers.upchieve.org/login An attacker can frame the page in an iframe, deceive a user and obtain a password, email and sensitive information Impact An attacker can deceive a user and obtain a password, email and...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
Clickjacking
yourls/yourls is vulnerable to clickjacking. It was possible to perform a clickjacking attack due to the lack of frame restrictions and the application does not configure the response header X-Frame-Options: DENY...
in opensourcepos/opensourcepos
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png 💥 Impact According to PortSwigger references, it is...
in zoujingli/thinkadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Debian: Security Advisory (DSA-4962-1)
The remote host is missing an update for the Debian...
in livehelperchat/livehelperchat
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Debian DSA-4962-1 : ledgersmb - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4962 advisory. Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking. For the...
[SECURITY] [DSA 4962-1] ledgersmb security update
Debian Security Advisory DSA-4962-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 23, 2021 https://www.debian.org/security/faq ...
in yourls/yourls
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
in getgrav/grav-plugin-admin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
DEBIAN-CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
Code injection
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
UBUNTU-CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
CVE-2021-3731 Improper Restriction of Rendered UI Layers or Frames in ledgersmb/ledgersmb
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
CVE-2021-3731
CVE-2021-3731 affects LedgerSMB with clickjacking risk where an attacker could trick a user into performing unintended actions via wrapping. Connected advisories corroborate cross-site scripting/clickjacking exposure and related input handling weaknesses across multiple distros (Debian, Ubuntu); ...