3797 matches found
BSA-2017-279
Security Advisory ID : BSA-2017-279 Component : JBOSS Revision : 2.0: Interim The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduc...
Kerio Connect and Kerio Connect Client for Windows and Mac Clickjacking Vulnerability
Kerio Connect is a professional mail server setup software. Kerio Connect Client for Windows and Mac is a desktop application for Windows and Mac with features to manage email, chat messages, calendar, contacts, tasks and notes. A security vulnerability exists in Kerio Connect versions 8.0.0...
Yelp: User can be fooled to Bookmark any restaurant by clickjacking
In this report https://hackerone.com/reports/214087 you people said the clickjacking issue is fixed but I have found another issue of clickjacking. Using clickjacking an attacker can fool a user to bookmark n numbers of restaurants. I am attaching a PoC video, watch the video...
Yelp: ClickJacking in editing business name
SUMMARY: Hope you guys are doing great. I found a clickjacking vulnerability while updating the business page. One of the endpoints which is vulnerable to clickjacking is https://www.yelp.com/bizattribute?bizid=RIyHYSf3lyJcFb4El9T4tQ . Clickjacking User Interface redress attack, UI redress attack, UI...
Clickjacking Attacks
github.com/sensu/uchiwa is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of X-Frame-Options header in the HTTP responses sent by the web server...
CVE-2017-7440
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message...
Code injection
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message...
CVE-2017-7440
Kerio Connect (versions 8.0.0–9.2.2) and Kerio Connect Client (Windows/Mac, versions 9.2.0–9.2.2) are affected by a clickjacking vulnerability when email preview is enabled. A remote attacker could exploit a specially crafted email to perform clickjacking. Impact is described as enabling (partial...
Weblate: ClickJacking on Debug
Proof Of Concept: Related Issue on report 225543 1. Navigate to https://debug.weblate.org 2. As you notice it is forbidden. 3. just vulnerable by clickjacking. 3. Now the user report to CIA to open. 4. Redirect to MaliciousSite.com I uploaded the poc.html Thanks,...
PT-2017-17737 · Kerio +2 · Kerio Connect +3
Name of the Vulnerable Software and Affected Versions: Kerio Connect versions 8.0.0 through 9.2.2 Kerio Connect Client desktop application for Windows and Mac versions 9.2.0 through 9.2.2 Description: The issue allows remote attackers to conduct clickjacking attacks via a crafted e-mail message...
Weblate: Clickjacking docs.weblate.org
Hi, Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their...
WordPress: Clickjacking In jobs.wordpress.net
A clickjacking issue was reported due to lack of security headers. It was not assessed as a security issue but a hardening fix was still deployed, without a bounty, as issues arising out of "Lack of HTTP security headers" are not applicable...
Nextcloud: Clickjacking In https://demo.nextcloud.com
Hi Nextcloud, Clickjacking In https://demo.nextcloud.com This Is Zeeshan, An Ethical Hacker, I Have Found A Security Issue In Your Site Clickjacking In nextcloud https://demo.nextcloud.com Page Website is vulnerable to clickjacking! Please Fix It As Soon As Possible Best Regards, Zeeshan Waheed...
Code injection
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks...
CVE-2016-4844
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks...
CVE-2016-4844
CVE-2016-4844: Cybozu Mailwise is vulnerable to clickjacking in versions before 5.4.0. Several sources (NVD entry for CVE-2016-4844 and OpenVAS/JS references) specify vulnerable ranges such as 5.0.0–5.3.2 and indicate that an attacker could trick authenticated users into unintended actions by lo...