CVE-2012-4379
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...
Blazy - Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF
Blazy is a modern login page bruteforcer. Features: easy target selection; smart form and error detection; CSRF and clickjacking scanner; Cloudflare and WAF detector; 90% accurate results; checks for login bypass via SQL injection; multi-threading; 100% accurate results; better form detection and...
Apache OpenMeetings Cross-Site Request Forgery Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system developed by the Apache Software Foundation. It supports audio and video and allows users to view each participant's desktop, among other features. A cross-site request forgery...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager (CUCM, also known as Unified CM or CallManager) is the call-processing component of Cisco's unified communications system. It provides a scalable, distributable and highly available enterprise IP telephony call-processing solution. A security vulnerability exists ...
Clickjacking Attacks
Hive HCatalog Webhcat is vulnerable to clickjacking attacks. The attacks exist due to the lack of the X-Frame-Options header in the HTTP responses sent by the web server...
Debian DLA-1119-1 : otrs2 security update
An attacker who is logged into OTRS, a Ticket Request System, as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead to serious problems like privilege escalation, data loss, and denial of service. This issue is also known as CVE-2017-14635 and ...
[SECURITY] [DLA 1119-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u1 CVE ID : CVE-2014-1695 CVE-2014-2553 CVE-2014-2554 CVE-2017-14635 Debian Bug : 876462 An attacker who is logged into OTRS, a Ticket Request System, as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead t...
Aspen: aspen | clickjacking
Hi Team, Found a vulnerability of clickjacking on the domain "aspen.io". Please refer to the below attached screenshot as PoC. Clickjack test page Website is vulnerable to clickjacking! 2. Save it as .html, e.g. cj.html 3. And just simply open that in a browser. Issue Details: Clickjacking User Interface...
Shopify: Stored XSS in partners dashboard
Hello, Stored XSS and UI redressing on https://partners.shopify.com/partnerID/confirm. PoC: 1. Change your First Name and Last Name with an XSS payload on https://accounts.shopify.com/account 2. Create an account on https://partners.shopify.com/ or if you have an account on...
Legal Robot: Clickjacking in Legalrobot app
Dear Team, PoC: Please find attached screenshots. Steps to reproduce: create an index.html file with the following content: Open index.html in a browser. Actual result: Legalrobot email verification page is viewed in an iframe. Remediation: Frame busting technique is the better framing protection technique...
Hiro: Clickjacking https://blockstack.org/
https://blockstack.org/ does not return an X-FRAME-OPTIONS header. However, because blockstack.org does not contain any endpoints where the UI is rendered to invoke a state change action on behalf of users, we do not believe that click-jacking presents a security vulnerability. see this informati...
Clickjacking Attacks
concrete5/concrete5 is vulnerable to clickjacking attacks. The attacks are possible because the library does not provide an option to send the X-Frame-Options header in the server's response...
Gratipay: clickjacking on https://gratipay.com/on/npm/[text]
Hi team, I found a clickjacking URL on https://gratipay.com/on/npm/here. This clickjacking must be 3 characters and must be 5 numbers entered at this endpoint of the URL. Please fix soon. https://gratipay.com/on/npm/text Steps: 1. Go to https://gratipay.com/on/npm/text 2. Check name or number...
WordPress: Clickjacking irclogs.wordpress.org
Hello! @wordpress security team, I'm Md Sameull Soykot @sameull. Recently I have tested all your sub-domains and found a domain which is vulnerable to clickjacking. I have attached my video PoC for details. Hope you will fix this issue as soon as possible. Reference:...
Clickjacking Through Frames
bolt/bolt is vulnerable to clickjacking attacks. The vulnerability exists because bolt did not set SAMEORIGIN in the X-Frame-Options header...
Mautic SSO/OAuth2 Plugin Cross-Site Request Forgery Vulnerability
Mautic is an open source marketing automation management software developed and maintained by the Mautic community. The software provides features such as website monitoring, web page creation and email sending. Mautic SSO/OAuth2 is one of the single sign-on plug-ins based on OAuth2, a secure log...
WordPress: Clickjacking mercantile.wordpress.org
A Clickjacking issue had been previously reported by "giantfire" on Aug 9th (19 days ago) and the issue was fixed by "iandunn" on Aug 25th (3 days ago) and the same was disclosed on Aug 28th. Here the affected URL is https://mercantile.wordpress.org/ "iandunn closed the report and changed the status to...
New multi platform malware/adware spreading via Facebook Messenger
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzin...
Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger
If you came across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website,...