3797 matches found

Cvelist
added 2017/04/20 6:0 p.m., 21 views

CVE-2016-4844

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks...

AI score: 4.9, EPSS: 0.01481
Exploits: 0, References: 4
Tenable Nessus
added 2017/04/17 12:0 a.m., 28 views

Debian DLA-897-1 : qbittorrent security update

CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. CVE-2017-6504 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. For Debian 7 'Wheezy', these problems have been...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00857
Exploits: 0, References: 4
Debian
added 2017/04/16 5:11 p.m., 20 views

[SECURITY] [DLA 897-1] qbittorrent security update

Package : qbittorrent Version : 2.9.8-1+deb7u1 CVE ID : CVE-2017-6503 CVE-2017-6504 CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. CVE-2017-6504 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which coul...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00857
Exploits: 0
ThreatPost
added 2017/04/14 8:0 a.m., 13 views

Stories From Two Years in an IoT Honeypot

SINT MAARTEN—Curious just how susceptible some of the more vulnerable IoT devices are, a researcher set up a series of honeypots at his friends’ houses to record traffic, exploit attempts and other statistics. Dan Demeter, a junior security researcher with Kaspersky Lab’s Global Research and...

AI score: 0.2
Exploits: 0, References: 9
OpenVAS
added 2017/04/07 12:0 a.m., 162 views

QNAP QTS < 4.2.4 Build 20170313 Multiple Vulnerabilities - Active Check

QNAP QTS web user interface is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

CVSS: 10, AI score: 8.9, EPSS: 0.66146
Exploits: 9, References: 4
Tenable Nessus
added 2017/03/31 12:0 a.m., 22 views

Missing 'X-Frame-Options' Header

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their...

AI score: 7
Exploits: 0, References: 3
OpenVAS
added 2017/03/30 12:0 a.m., 44 views

Novell eDirectory Multiple Vulnerabilities (Mar 2017)

Novell / NetIQ eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory"...

CVSS: 7.5, AI score: 7, EPSS: 0.01474
Exploits: 0, References: 1
CNVD
added 2017/03/28 12:0 a.m., 1 views

NetIQ Access Manager Clickjacking Vulnerability

NetIQ Access Manager (NAM) is a resource access control solution from NetIQ, USA. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A clickjacking vulnerability exists in NetIQ Access Manager. A remote attacker could exploit this...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00502
Exploits: 0, References: 1
CNVD
added 2017/03/28 12:0 a.m., 2 views

Novell eDirectory Clickjacking Vulnerability

Novell eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from Novell, USA. The platform provides authentication policies, data backup and recovery services, data disaster recovery and other functions. A...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01474
Exploits: 0, References: 1
CNVD
added 2017/03/27 12:0 a.m., 2 views

Red Hat Dashbuilder Clickjacking Vulnerability

Red Hat Dashbuilder is an open source platform for building business dashboards and reports, developed by Red Hat, USA. A clickjacking vulnerability exists in Red Hat Dashbuilder. An unauthenticated attacker could exploit the vulnerability to compromise an affecte...

CVSS: 6.5, AI score: 6.8, EPSS: 0.0148
Exploits: 0, References: 1
OpenVAS
added 2017/03/24 12:0 a.m., 29 views

QNAP QTS < 4.2.4 Build 20170313 Multiple Vulnerabilities - Version Check

QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

CVSS: 10, AI score: 9.6, EPSS: 0.66146
Exploits: 9, References: 2
Prion
added 2017/03/23 6:59 a.m., 13 views

Design/Logic Flaw

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...

CVSS: 4.3, AI score: 7, EPSS: 0.00502
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/03/23 6:59 a.m., 1 views

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00502
Exploits: 0, References: 1
Prion
added 2017/03/23 6:59 a.m., 16 views

Design/Logic Flaw

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking...

CVSS: 4.3, AI score: 7.2, EPSS: 0.01474
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2017/03/23 6:59 a.m., 4 views

CVE-2016-9168

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 2
NVD
added 2017/03/23 6:59 a.m., 15 views

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00502
Exploits: 0, References: 1
NVD
added 2017/03/23 6:59 a.m., 26 views

CVE-2016-9168

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01474
Exploits: 0, References: 2
Cvelist
added 2017/03/23 6:36 a.m., 16 views

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...

AI score: 6.4, EPSS: 0.00502
Exploits: 0, References: 1
Cvelist
added 2017/03/23 6:36 a.m., 25 views

CVE-2016-9168

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking...

AI score: 6.7, EPSS: 0.01474
Exploits: 0, References: 2
CVE
added 2017/03/23 6:36 a.m., 56 views

CVE-2016-9168

CVE-2016-9168 affects Novell eDirectory’s NDSD (NDS Utility Monitor) prior to version 9.0.2, where a missing X-Frame-Options header could enable clickjacking by remote attackers. The vulnerability is documented across multiple feeds (NVD entry and cross-references in CNVD/OpenVAS records) and is ...

CVSS: 6.5, AI score: 6.6, EPSS: 0.01474
Exploits: 0, References: 2, Affected Software: 1