3797 matches found
Mail.ru: Clickjacking Full account takeover and editing the personal information at [account.my.com]
Hi, while I was testing I found that my.com is vulnerable to clickjacking, so I checked if the settings page is vulnerable or not and it was vulnerable, so now this has a risk! The attacker could make an exploit code at the changing password page to take over the victim account, and the same with t...
WordPress: Clickjacking - https://mercantile.wordpress.org/
Hi team, while performing security testing of your website I have found the vulnerability called Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different...
CVE-2017-3101
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack...
Design/Logic Flaw
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack...
CVE-2017-3101
CVE-2017-3101 affects Adobe Connect for Windows (Adobe Connect 9.6.1 and earlier). The vulnerability is described as a UI redressing/clickjacking issue, where exploitation could lead to a clickjacking attack. The linked advisories note that this CVE, along with CVE-2017-3102 and CVE-2017-3103, wa...
Adobe Connect Clickjacking Vulnerability
Adobe Connect for Windows, formerly known as Macromedia Breeze, is a set of Windows-based enterprise-class network communication solutions from the US company Adobe. The program provides web conferencing, e-learning and webinar features. A clickjacking vulnerability exists i...
Adobe Connect Multiple Vulnerabilities (APSB17-22)
Adobe Connect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:connect"; ifdescription...
Adobe Connect <= 9.6.1 Multiple Vulnerabilities (APSB17-22)
The version of Adobe Connect installed on the remote host is prior to 9.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb17-22 advisory. - Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a...
APSB17-22 Security update available for Adobe Connect
Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users...
Missing Secure Headers
openmeetings-db is vulnerable to missing secure headers. The library does not use secure HTTP headers, allowing a malicious user to conduct various attacks such as clickjacking...
WakaTime: Clickjacking on authorized page https://wakatime.com/share/embed
Hi, https://wakatime.com/share/embed is vulnerable to clickjacking. Description: I found the resource on https://wakatime.com/share/embed, which can be vulnerable to Clickjacking. Impact: The resource without X-Frame-Options is potentially vulnerable to Clickjacking. The vulnerability exist...
WakaTime: UI Redressing on Embedded Charts
Hi Team, Wanna report you that Embedded Charts part is missing X-Frame-Options header hence vulnerable to clickjacking vulnerability. PoC: Just login to your account and open below html page you can see how simply victim can be clickjacked. Click You've been clickjacked! iframe id="parentFrame"...
Intel Active Management Technology (AMT) Web UI Clickjacking Weakness (INTEL-SA-00081) (remote check)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 9.0.x or 9.1.x prior to 9.1.40.1000, 9.5.x prior to 9.5.60.1952, 10.0.x prior to 10.0.50.1004,...
Intel AMT firmware clickjacking vulnerability
Intel AMT firmware is processor management firmware from Intel Corporation of the U.S.A. The Web User Interface is one of its web management interfaces. A clickjacking vulnerability exists in the Web User Interface of the Intel AMT firmware, which arises from a failure of the program to adequately...
Gratipay: CSP Policy Bypass and javascript execution Still Not Fixed
Summary: Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to...
Intel AMT Clickjacking Vulnerability - us
Lenovo Security Advisory: LEN-14005 Potential Impact: Information Disclosure Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-5697 Summary Description: Insufficient clickjacking protection in the Web User Interface of Intel® AMT firmware versions before 9.1.40.100,...
Intel AMT Clickjacking Vulnerability - Lenovo Support US
No description provided...
Intel Active Management Technology Clickjacking Vulnerability (INTEL-SA-00081)
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware potentially allows a remote attacker to hijack users web clicks via attacker SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by t...