3797 matches found
VK.com: Clickjacking vkpay
Clickjacking...
OLX: Bypass CSP frame-ancestors at olx.co.za, olx.com.gh
Hi, olx.co.za and olx.com.gh both of them restrict framing by using this CSP rule: content-security-policy: frame-ancestors 'self' https://.mod-tools.com: olx.co.za: F313178 olx.com.gh: F313179 If we take a look at mod-tools.com we can see that the domain is not claimed: $ dig mod-tools.com ; DiG...
Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking (CVE-2017-1465)
Summary IBM TRIRIGA could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2017-1465 DESCRIPTION: IBM TRIRIGA could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a...
Security Bulletin: Security Vulnerability affecting FileNet Content Manager and IBM Content Foundation (CVE-2013-5462)
Summary A "Clickjacking" security vulnerability affects the IBM Content Navigator toolkit which is used by the Administration Console for Content Engine (ACCE) tool. This tool is packaged with both the FileNet Content Manager and IBM Content Foundation products. The Administration Console for Conte...
Security Bulletin: IBM Content Navigator Potential Clickjacking Vulnerability (CVE-2013-5462)
Summary If the IBM Content Navigator application URL is opened within a frame in a web page, it's possible for the frame to record user input, potentially capturing sensitive information like login credentials. Vulnerability Details CVEID: CVE-2013-5462 DESCRIPTION: The IBM Content Navigator...
Security Bulletin: IBM Rational Service Tester Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Summary Java API Documentation contains a frame injection vulnerability. Vulnerability Details CVEID: CVE-2013-1571...
Security Bulletin: Rational Performance Tester Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Summary IBM Rational Performance Tester Java API Documentation contains a frame injection vulnerability. Vulnerability Details...
Security Bulletin: IBM Rational Build Forge Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Summary Java API Documentation contains a frame injection vulnerability. Vulnerability Details CVEID: CVE-2013-1571...
Security Bulletin: IBM Security Network Protection is affected by ClickJacking vulnerability CVE-2014-6197
Summary A ClickJacking (also known as a "UI redress attack") vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6197 Description: A clickjacking vulnerability in IBM Security Network Protection could allow a remote attacker to hijack the...
Security Bulletin: Multiple vulnerabilities addressed in IBM Security Access Manager
Summary There are multiple vulnerabilities in various components used by IBM Security Access Manager for Mobile and IBM Security Access Manager for Web. Vulnerability Details The following vulnerabilities affect both IBM Security Access Manager for Mobile and IBM Security Access Manager for Web...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060)
Summary IBM Financial Transaction Manager for Corporate Payment Services could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000)
Summary IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details CVEID: CVE-2016-9000 DESCRIPTION: IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984)
Summary IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details CVEID: CVE-2016-5984 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe...
Security Bulletin: Vulnerability in RSOC_APP_01 Frameable Response Potential Clickjacking (CSRF) affects IBM Algorithmics Algo Risk Application - CVE-2016-0207
Summary IBM Algorithmics One-Algo Risk Application could allow a remote attacker to hijack the clicking action of the victim. A remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions from the system. Vulnerability Details CVEID: CVE-2016-0207 DESCRIPTION:...
Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462)
Summary A clickjacking vulnerability has been reported for the administrative tool (ACCE) of the embedded component used by IBM BPM document store. Vulnerability Details CVEID: CVE-2013-5462 DESCRIPTION: The IBM Content Navigator application URL can be opened within a frame in a Web page. In this...
Openfire < 3.9.2 Reflected XSS Vulnerability - Active Check
Openfire is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cisco Unified Communications Manager Input Validation Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An input validation vulnerabilit...
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
Summary The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension's...
Update Google Chrome Immediately to Patch a High Severity Vulnerability
You must update your Google Chrome now. Security researcher Michał Bentkowski discovered and reported a high severity vulnerability in Google Chrome in late May, affecting the web browsing software for all major operating systems including Windows, Mac, and Linux. Without revealing any technical...