3797 matches found
UBUNTU-CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site...
Entering fullscreen and persistent pointerlock without user permission — Mozilla
Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the...
Citrix NetScaler Gateway Clickjacking Vulnerability
Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) is a secure remote access solution from Citrix Systems. The solution provides administrators with application-level and data-level controls to enable users to remotely access applications and data from any location. Citrix...
GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact: A remote attacker...
Apache ActiveMQ 5.x < 5.13.2 Clickjacking
Binary data 9318.prm...
Deriv.com: CJ vulnerability in subdomain
Ameer Assadi pointed out that one of our subdomains, which had dynamic content, did not have clickjacking protection. WriteUp - http://ameeras.me/Binary-Clickjacking-vulnerability/...
Drag-and-drop "clickjacking vulnerability" exploitation tool: CJExploiter - vulnerability warning - the black bar safety net
CJExploiter is an auxiliary tool that supports drag-and-drop exploitation of clickjacking vulnerabilities. First, open "index.html" locally in a browser, enter the target URL and click "View Site". You can customize the JS, and finally, by clicking "Exploit it", you will get the PoC...
Gaping Security Hole in Android Platform Grows Larger, Researchers Claim
Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker. First reported at the RSA Conference in March, Skycure discovered a theoretical attac...
CJExploiter - Drag and Drop ClickJacking Exploit Development Assistance Tool
CJExploiter is a drag and drop ClickJacking exploit development assistance tool. First open the "index.html" with your browser locally, enter the target URL and click on "View Site". You can dynamically create your own inputs. Finally, by clicking "Exploit It" you can see the PoC. Summary...
WordPress SOME bug in plupload.flash.swf
Intro: WordPress 4.5.1 is vulnerable against a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they ha...
Open-Xchange: nginx server vulnerable
1 Vulnerability: Clickjacking Vulnerable Domain: lists.dovecot.fi Vulnerable URL: http://lists.dovecot.fi/?C=N;O=D%3Cscript%3Ealert%22Thalaivarsubu%22%3C/script%3E Browser version: Google Chrome 50.0.2661.94 Operating system: Windows 7 Steps to Reproduce: iframe width: 800px; height: 500px;...
Uber: Clickjacking in love.uber.com
Hi, your domain love.uber.com is vulnerable to Clickjacking. I'm able to load the domain love.uber.com in an iframe, so an attacker can certainly take advantage of this clickjacking bug in love.uber.com. Click-jacking is a process of “stealing” clicks on your site, redirecting them to other...
Apache ActiveMQ Clickjacking Vulnerability (May 2016)
Apache ActiveMQ is prone to a clickjacking vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:activemq";...
EMC RSA Data Loss Prevention Clickjacking Vulnerability
EMC RSA Data Loss Prevention monitors network traffic and protects against data loss. A clickjacking vulnerability exists in EMC RSA Data Loss Prevention versions prior to 9.6 SP2 P5, which could allow a remote attacker to execute a clickjacking attack via constructed web site elements...
CVE-2016-0895
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity...
Code injection
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity...
CVE-2016-0895
CVE-2016-0895 affects EMC RSA Data Loss Prevention 9.6 before SP2 P5, where remote attackers can trigger clickjacking via web-site elements with crafted transparency/opacity. The connected sources confirm the product/version and the vulnerability class but do not provide exploitation details or c...
IBM Algorithmics Algo Risk Application Clickjacking Vulnerability
IBM Algorithmics is a suite of solutions that help financial institutions and corporate treasury departments develop risk profiles, and the Algo Risk Application is one of the integrated set of decision support tools. A clickjacking vulnerability exists in IBM Algorithmics Algo Risk Application,...