3797 matches found
Code injection
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 the fixed version for 5.3.x, from version 5.4.0 before 5.4.6 the fixed version for 5.4.x, from version 5.5.0 before 5.5.6 the fixed version for 5.5.x, from version 5.6.0 before 5.6.3 the fixed version for 5.6.x,...
CVE-2017-18088
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 the fixed version for 5.3.x, from version 5.4.0 before 5.4.6 the fixed version for 5.4.x, from version 5.5.0 before 5.5.6 the fixed version for 5.5.x, from version 5.6.0 before 5.6.3 the fixed version for 5.6.x,...
CVE-2017-18088
The CVE-2017-18088 issue affects Atlassian Bitbucket Server prior to fixed versions: 5.3.7 (5.3.x), 5.4.0–5.4.5 (5.4.x), 5.5.0–5.5.5 (5.5.x), 5.6.0–5.6.2 (5.6.x), 5.7.0–5.7.0 (5.7.x), and prior to 5.8.0. The underlying problem is lack of clickjacking protection on various plugin servlet resources...
Coinbase: Prepopulation of email address and name leaks information provided to other merchants
Users of the commerce widget that have entered their name and email into the widget and moved to the currency selection step were vulnerable to a clickjacking attack that revealed name and email to an attacker due to pre-population of the widget's fields. After a user filled out the name / email...
Clickjacking Attack
superset is vulnerable to clickjacking attacks. The library does not restrict requests from a different origin, allowing a malicious user to inject and execute arbitrary SQL commands...
Debian: Security Advisory (DLA-1119-1)
The remote host is missing an update for the Debian...
IBM Rational DOORS Web Access Clickjacking Vulnerability
IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
Magento Commerce - CSRLF Web UI Security Vulnerability
Document Title: Magento Commerce - CSRLF Web UI Security Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1573. Release Date: 2018-01-19. Vulnerability Laboratory ID (VL-ID): 157...
CVE-2016-0207
IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...
Code injection
IBM Algorithmics One-Algo Risk Application ARA 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399...
CVE-2016-0207
Affected product: IBM Algorithmics One-Algo Risk Application (ARA) versions 4.9.1–5.1.0. Vulnerability: remote authenticated users could perform clickjacking by sending specially crafted HTTP requests, effectively hijacking the victim’s click actions. Impact: enables manipulation of user interact...
Yelp: ClickJacking on IMPORTANT Functions of Yelp
SUMMARY: A few important functions of yelp.com are vulnerable to ClickJacking attack. DESCRIPTION: Please have an introduction about the vulnerability type: https://en.wikipedia.org/wiki/Clickjacking ClickJacking is similar to CSRF with just an extra involvement of the victim to click somewhere on t...
Debian: Security Advisory (DLA-897-1)
The remote host is missing an update for the Debian...
Electric Sheep Fencing pfsense clickjacking vulnerability
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A clickjacking vulnerability exists in the cross-site request forgery error page of the /usr/local/www/csrf/csrf-magic.php file of the WebGUI in versions prior to...
Electric Sheep Fencing pfsense clickjacking vulnerability
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A clickjacking vulnerability exists in Electric Sheep Fencing pfSense 2.4.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...