3797 matches found
Design/Logic Flaw
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users' web clicks via attacker's crafted web page...
CVE-2017-5697
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users' web clicks via attacker's crafted web page...
CVE-2017-5697
CVE-2017-5697 concerns insufficient clickjacking protection in the Web UI of Intel AMT firmware. Affected Intel AMT firmware versions are prior to 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129. The issue allows a remote attacker to hijack users' web clicks via a crafted pa...
PT-2017-16677 · Intel · Intel Amt
Name of the Vulnerable Software and Affected Versions: Intel AMT firmware versions prior to 9.1.40.1000; Intel AMT firmware versions prior to 9.5.60.1952; Intel AMT firmware versions prior to 10.0.50.1004; Intel AMT firmware versions prior to 11.0.0.1205; Intel AMT firmware versions prior to...
CVE-2017-7667
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin...
Coinbase: X-Frame-Options
Report noted that status.coinbase.com is embed-able due to its current X-Frame-Options. As there was not a demonstrated link susceptible to clickjacking, this was not a security issue, but notification of the lack of this header was considered Informative. Note: per our policy, reports for...
Intel® AMT Clickjacking Vulnerability
Summary: Insufficient clickjacking protection in the Web User Interface of Intel® AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users' web clicks via attacker's crafted web page. Description:...
Mixmax: Clickjacking on Mixmax.com
mixmax.com was vulnerable to clickjacking...
OLX: OLX is vulnerable to clickjacking
An Olx.com webpage was vulnerable to a Clickjacking attack that could have led to account sensitive information disclosure. @spiyushsonikumar1671 was able to demonstrate this vulnerability by crafting a specially formatted webpage with an embedded iframe. We would like to thanks for this report...
Cuvva: Clickjacking vulnerability in support-dashboard.corp.cuvva.co
Hi, I found a clickjacking vulnerability in the subdomain of cuvva.com, i.e. support-dashboard.corp.cuvva.co. Impact: The resource without X-Frame-Options is potentially vulnerable to clickjacking. The vulnerability exists only for authenticated users; possible UI redressing in the Dashboard. PoC: 1. ...
Android Overlay and Accessibility Features Leave Millions at Risk
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. The discovery was made by researchers at Georgia Institute of Technology, who call the researc...
Cuvva: https://admin.corp.cuvva.co/ is vulnerable to Clickjacking attacks due to missing X-Frame-Options
Description: I found the resource on https://admin.corp.cuvva.co/, which can be vulnerable to clickjacking. Impact: The resource without X-Frame-Options is potentially vulnerable to clickjacking. The vulnerability exists only for authenticated users; possible UI redressing in the Dashboard...
WordPress: Clickjacking wordcamp.org
Hello Security, Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contro...
CVE-2017-4015
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...
Design/Logic Flaw
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...
CVE-2017-4015
CVE-2017-4015 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. A remote authenticated attacker can hijack the victim’s click actions by sending specially crafted HTTP response headers to inject arbitrary web scripts/HTML. Root cause: improper validation of user-supplied HTTP response hea...