3797 matches found
In-Brief: Telegram Vulnerability, Malware in Nuclear Plant, Anti-Tor Malware and Hotpatching Exploit
Clickjacking Vulnerability in Telegram Web Client: The official Telegram web client, which allows its users to access their messenger account from a desktop web browser, is vulnerable to a clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a...
Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE
Intro: WordPress is vulnerable to a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set via GET parameters but fails to do s...
IBM Security Privileged Identity Manager Clickjacking Vulnerability
IBM Security Privileged Identity Manager is an identity management product within an identity supervision solution. A clickjacking vulnerability exists in IBM Security Privileged Identity Manager, which allows an attacker to construct a malicious URI, trick users into parsing it, and redirect the...
MyBB < 1.8.7 Multiple Vulnerabilities
Binary data 9275.prm...
IBM Financial Transaction Manager for Corporate Payment Services Clickjacking Vulnerability
IBM Financial Transaction Manager for Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A clickjacking vulnerability exists in IBM FTM for Corporate Payment Services on multiple platforms,...
APITest.IO: Clickjacking: X-Frame-Options header missing
Same as this report: https://hackerone.com/reports/7492. Vulnerable: sign in, sign up, and main domain. PoC attached...
CVE-2016-0734
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element...
Design/Logic Flaw
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element...
CVE-2016-0734
CVE-2016-0734 affects Apache ActiveMQ 5.x before 5.13.2. The vulnerability arises because the web-based Admin Console does not send the X-Frame-Options header, enabling clickjacking via a crafted page containing FRAME/IFRAME elements. Connected IBM/industry reports corroborate the CVE and tie rem...
New Relic: Clickjacking on authenticated pages which is inscope for New Relic
Steps to reproduce: 1. Open newrelic site https://newrelic.com/signup 2. Put the signup page in clickjacking code: iframe { width: 800px; height: 500px; position: absolute; top: 0; left: 0; filter: alpha(opacity=50); opacity: 0.5; } 3. Observe that site is accessible from the iframe through which an attacker...
Falcon System Consulting WisePoint and WisePoint Authenticator Clickjacking Attack Vulnerability
Falcon System Consulting WisePoint and WisePoint Authenticator are products of Falcon System Consulting, Japan. The former is an authentication system, and the latter is a product for enhancing the authentication mechanism of RADIUS protocol-enabled devices, such as SSL-VPN devices. A security...
CVE-2016-1177
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Code injection
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2016-1177
The CVE-2016-1177 entry concerns Falcon WisePoint and WisePoint Authenticator, where the management screen is vulnerable to clickjacking. Concrete details from connected sources show that WisePoint 4.3.1 and earlier, and WisePoint Authenticator 4.1.19.22 and earlier are affected. The root cause i...