LimeSurvey < 3.17.14 Multiple Vulnerabilities
LimeSurvey is prone to multiple vulnerabilities...
Limesurvey Clickjacking Vulnerability
LimeSurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A clickjacking vulnerability exists in LimeSurvey versions prior to 3.17.14. No vulnerability details are provided at this time...
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey before 3.17.14...
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey before 3.17.14...
Security feature bypass
A clickjacking vulnerability was found in Limesurvey before 3.17.14...
CVE-2019-16175
LimeSurvey before version 3.17.14 is affected by a clickjacking vulnerability. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, requiring user interaction, and no confidentiality or availability impact. Affected product: LimeSurvey; vulnerable component/f...
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey before 3.17.14...
Palo Alto Software: Clickjacking
Summary: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of the...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities
Exploit for hardware platform in category web applications. Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit Titl...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit...
Clickjacking Vulnerability in Schneider Electric Modicon M340 PLCs
Schneider Electric Modicon M340 is a medium-sized PLC from Schneider Electric, which has a wide range of applications in the industrial control field in China. A clickjacking vulnerability exists in the Schneider Electric Modicon M340 PLC. An attacker could tamper with a user's password by...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GP...
A week in security (August 26 – September 1)
Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in...
Study explores clickjacking problem across top Alexa-ranked websites
Clickjacking has been around for a long time, working hand-in-hand with the unwitting person doing the clicking to send them to parts unknown—often at the expense of site owners. Scammers achieve this by hiding the page object the victim thinks they’re clicking on under a layer or layers of...
Mail.ru: Delete images of users with clickjacking in https://pw.mail.ru
A researcher found site-wide clickjacking on https://pw.mail.ru which could potentially be used to trick a user into deleting an avatar or changing his/her profile data...
Clickjacking Evolves to Hook Millions of Top-Site Visitors
Clickjacking, where links on a website redirect unknowing users to spam, advertising or malware, has been around for decades. However, new tactics that defy the best mitigation efforts of browsers have led to it affecting millions of internet users browsing the web’s top sites, researchers found i...
CVE-2019-3639
Clickjack vulnerability in Administrator web console in McAfee Web Gateway MWG 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header...
CVE-2019-3639
Clickjack vulnerability in Administrator web console in McAfee Web Gateway MWG 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header...
Design/Logic Flaw
Clickjack vulnerability in Administrator web console in McAfee Web Gateway MWG 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header...
CVE-2019-3639 MWG UI: Cross-Frame Scripting vulnerability
Clickjack vulnerability in Administrator web console in McAfee Web Gateway MWG 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header...