py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...
IBM Security Secret Server Clickjacking Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. A security vulnerability exists in IBM Security Secret Server all versions....
IBM Spectrum Protect Clickjacking Vulnerability
IBM Spectrum Protect, formerly known as Tivoli Storage Manager, is a suite of data protection platforms from IBM in the United States. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud environments of...
Security Bulletin: IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management web user interface vulnerable to authentication bypass and clickjacking (CVE-2020-4494, CVE-2020-4406)
Summary The web user interface provided by the IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management is vulnerable to authentication bypass and a clickjacking attack. Vulnerability Details CVEID: CVE-2020-4494 DESCRIPTION: The IBM Spectrum Protect Backup-Archive Client web use...
Imgur: self-XSS with clickjacking can lead to account takeover in Firefox
Description Hi, I think I found a valid chaining issue here. ClickJacking issue: I discovered that there are some endpoints that permit framing imgur.com with some limitations, but even in this case, it is possible to carry out a proof of concept. One of the cases is in the /all/ directory of...
CVE-2020-10743
It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as...
IBM API Connect Clickjacking Vulnerability (CNVD-2020-34991)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.10. A remo...
Security Bulletin: IBM API Connect is vulnerable to clickjacking (CVE-2020-4195)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4195 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...
Western Digital My Cloud Home and ibi Websites Clickjacking Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud Home and ibi Websites versions prior to 2.2.0. An attacker could exploit the vulnerability to hijack click-through actions on the login page...
GHSA-3GG7-9Q2X-79FC Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-10951
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages...
Code injection
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages...
CVE-2020-10951
CVE-2020-10951 affects Western Digital My Cloud Home and ibi devices (pre-2.2.0). The issue is a clickjacking vulnerability on sign-in pages, allowing an attacker to hijack sign-in interactions. Affected versions are prior to 2.2.0. Mitigation: upgrade to 2.2.0 or later (per PT/security advisorie...
Clickjacking Vulnerability in Golden Jade Butler App
Jade Butler is a mobile trading app launched by Hengtai Securities; the platform offers securities quotes, securities trading, account management, securities information and many other features. There is a clickjacking vulnerability in the Jade Butler app, which can be exploited by attackers to...
PT-2020-12443 · Western Digital · Western Digital My Cloud Home +1
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Home and ibi devices versions prior to 2.2.0 Description: The issue allows clickjacking on sign-in pages. Recommendations: For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue...
Authorization Bypass
SquirrelMail is vulnerable to authorization bypass. The vulnerability exists because SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a remote attacker to perform a clickjacking attack against logged-in users and possibly gain access to sensitive user data...
Clickjacking
Thunderbird is vulnerable to clickjacking. A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content that could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are...