Design/Logic Flaw
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...
CVE-2017-1000479
pfSense
Semrush: Single Sign On - Clickjacking
Description: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. Browsers Verified In: Any. Steps To Reproduce: Create HTML file containing...
Inflection: Clickjacking on https://www.goodhire.com/api
Researcher discovered x-frame options missing...
pfSense 2.4.1 - CSRF Error Page Clickjacking Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module...
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
pfSense 2.4.1 CSRF Error Page Clickjacking
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
CVE-2017-11290
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress or Clickjacking vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing or clickjacking attacks...
Spoofing
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress or Clickjacking vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing or clickjacking attacks...
CVE-2017-11290
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress or Clickjacking vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing or clickjacking attacks...
CVE-2017-11290
Adobe Connect 9.6.2 and earlier are affected by multiple vulnerabilities described in APSB17-35. The issues include: (1) SSRF bypassing network controls (CVE-2017-11291), (2) reflected XSS vulnerabilities (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289), and (3) a UI redress/clickjacking vulnerab...
CVE-2017-11290
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress or Clickjacking vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing or clickjacking attacks...
VK.com: clickjacking in /lead_forms_app.php
Clickjacking in the "Lead Form" ("Форма сбора заявок"). It was possible to steal the phone number and email of anyone who clicks the button on our site. I consider this fairly serious, because the button could be clicked under any pretext, for example by creating a fake poll on our site and adding, as the vote confirmation,...
pfSense < 2.4.2 RCE and CSRF Vulnerabilities
pfSense is prone to a remote code execution (RCE) and cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Clickjacking Vulnerability In CSRF Error Page pfSense
This module exploits a Clickjacking vulnerability in pfSense 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick Koster', 'Payload'...
HP Matrix Operating Environment Point Hijacking Vulnerability
HP Matrix Operating Environment is a suite of cloud management software designed for infrastructure services from Hewlett-Packard HP. A point hijacking vulnerability exists in HP Matrix Operating Environment version 7.6 LR1, which can be exploited by an attacker to conduct a clickjacking attack v...
HP Matrix Operating Environment Point Hijacking Vulnerability (CNVD-2017-37920)
HP Matrix Operating Environment is a suite of cloud management software designed for infrastructure services from Hewlett-Packard HP. A point hijacking vulnerability exists in HP Matrix Operating Environment version 7.6 LR1, which can be exploited by an attacker to conduct a clickjacking attack v...
Adobe Connect Clickjacking Vulnerability
Adobe Connect is an online video conferencing software. A clickjacking vulnerability exists in Adobe Connect 9.6.2 and earlier versions. A remote user can exploit the vulnerability to hijack a target user's mouse clicks to act as the target user to perform actions on a website and obtain...