
3797 matches found

CVE
added 2017/03/23 6:36 a.m. | 45 views

CVE-2016-5755

CVE-2016-5755 affects NetIQ Access Manager; versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 are vulnerable to clickjacking due to a missing SAMEORIGIN filter in the "high encryption" setting. The connected documents corroborate this description and identify the affected product and the s...

CVSS 6.5 | AI score 6.4 | EPSS 0.00502
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2017/03/23 12:0 a.m. | 61 views

LastPass: domain regex doesn't handle data and other pseudo-url schemes

I previously found a design flaw in lastpass that affected the 4.x branch of lastpass issue 884. They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...

AI score 6.6
Exploits 0
Hacker One
added 2017/03/18 3:27 p.m. | 25 views

Mail.ru: Stored XSS

Clickjacking and self-XSS in http://whiskas.ny.mail.ru/. This project is not currently in the bug bounty scope. I've found a Stored Self-XSS and turned it to be exploitable through Clickjacking...

AI score 0.2
Exploits 0
Hacker One
added 2017/03/17 5:58 a.m. | 15 views

Yelp: Clickjacking Vulnerability found on Yelp

As many companies do, Yelp set its X-Frame-Options to SAME ORIGIN in its HTTP headers; but unfortunately our exploitation proves that not all the pages are protected. With the use of iframes in the html document, I was able to discover a clickjacking vulnerabilities on Yelp.com, and this...

AI score 7.1
Exploits 0
Packet Storm
added 2017/03/17 12:0 a.m. | 46 views

HumHub 1.0.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: HumHub 1.0.1 and earlier Fixed in: 1.1.1 Fixed Version https://www.humhub.org/en/download/default/form?version=1.1.1 Link: &type=zip Vendor Website: https://www.humhub.org/ Vulnerability XSS Type: Remote Yes Exploitable:...

AI score 0.2
Exploits 0
RedHat Linux
added 2017/03/16 9:9 p.m. | 3 views

Dashbuilder: Lack of clickjacking protection on the login page

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 6.5 | AI score 5.9 | EPSS 0.0148
Exploits 0 | References 4
RedHat Linux
added 2017/03/16 9:9 p.m. | 31 views

Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 8.8 | AI score 6.7 | EPSS 0.0166
Exploits 0 | References 5
RedhatCVE
added 2017/03/16 6:47 p.m. | 30 views

CVE-2017-2658

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 6.5 | AI score 6.6 | EPSS 0.0148
Exploits 0 | References 1
Tenable Nessus
added 2017/03/07 12:0 a.m. | 36 views

IBM Integration Bus 8.x < 8.0.0.8 / 9.x < 9.0.0.7 / 10.x < 10.0.0.7 Clickjacking

The version of IBM Integration Bus formerly known as IBM WebSphere Message Broker is 8.x prior to 8.0.0.8, 9.x prior to 9.0.0.7, or 10.x prior to 10.0.0.7. It is, therefore, affected by a clickjacking vulnerability in the administrative web UI due to a failure to set the X-Frame-Options header in...

CVSS 6.1 | AI score 6.2 | EPSS 0.00765
Exploits 0 | References 2
UbuntuCve
added 2017/03/06 2:59 a.m. | 22 views

CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 6.3 | EPSS 0.00673
Exploits 0 | References 3
Prion
added 2017/03/06 2:59 a.m. | 15 views

Code injection

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 4.3 | AI score 6 | EPSS 0.00673
Exploits 0 | References 2 | Affected Software 1
NVD
added 2017/03/06 2:59 a.m. | 14 views

CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 6.1 | EPSS 0.00673
Exploits 0 | References 2
OSV
added 2017/03/06 2:59 a.m. | 1 views

DEBIAN-CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 6.9 | EPSS 0.00673
Exploits 0 | References 1
OSV
added 2017/03/06 2:59 a.m. | 19 views

CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 7
Exploits 0 | References 2
OSV
added 2017/03/06 2:59 a.m. | 1 views

UBUNTU-CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 6.4 | EPSS 0.00673
Exploits 0 | References 4
CVE
added 2017/03/06 2:0 a.m. | 67 views

CVE-2017-6504

CVE-2017-6504 affects the qBittorrent WebUI prior to 3.3.11, where the application did not set the X-Frame-Options header, potentially enabling clickjacking. Public details in the provided documents confirm the vulnerable component (WebUI), the condition (before 3.3.11), and the impact (clickjack...

CVSS 6.1 | AI score 5.9 | EPSS 0.00673
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2017/03/06 2:0 a.m. | 23 views

CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...

CVSS 6.1 | AI score 6.1 | EPSS 0.00673
Exploits 0
CNVD
added 2017/02/21 12:0 a.m. | 3 views

IBM WebSphere Message Broker Clickjacking Vulnerability

IBM WebSphere Message Broker now known as IBM Integration Bus is an enterprise service bus ESB product from IBM, USA. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. A clickjacking vulnerability exists ...

CVSS 6.1 | AI score 6.7 | EPSS 0.00765
Exploits 0 | References 1
Hacker One
added 2017/02/07 1:33 p.m. | 19 views

Brave Software: Clickjacking or URL Masking

I am able to reproduce the bug in : Brave: 0.13.2 rev: 25b1199fb6154b089cbad37926483239495b9800 Muon: 2.0.19 libchromiumcontent: 54.0.2840.100 V8: 5.4.500.41 Node.js: 7.0.0 Update Channel: dev os.platform: win32 os.release: 6.1.7601 os.arch: x64 Steps to reproduce : 1. Open click.html 2. Then try...

AI score 0.4
Exploits 0
Hacker One
added 2017/02/02 8:4 a.m. | 23 views

WebSummit: found a vulnerability in your website

the vulnerability in your website is something called clickjacking or x-frame options header not set . when X-frame options header is not included in the HTTP the attacker can attack your website by clickjacking. so what is x-frame options? The X-Frame-Options HTTP response header can be used to...

AI score 0.2
Exploits 0