Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common...
AS/WildFly: missing X-Frame-Options header leading to clickjacking
It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 jboss-ec2-eap update
Updated jboss-ec2-eap packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat JBoss Enterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...
CVE-2015-4992
IBM Sterling B2B Integrator 5.2 before 50205008 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
Code injection
IBM Sterling B2B Integrator 5.2 before 50205008 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
CVE-2015-4992
IBM Sterling B2B Integrator (versions 5.1 and 5.2) is affected by CVE-2015-4992, a clickjacking vulnerability. A remote attacker could hijack a user’s click actions by luring them to a malicious page, enabling UI redress attacks. Remediation in the IBM advisories involves applying interim fixes: ...
IBM Sterling B2B Integrator Clickjacking Vulnerability
IBM Sterling B2B Integrator is a suite of software that integrates essential B2B processes, transactions and relationships. IBM Sterling B2B Integrator suffers from a security vulnerability that allows a remote attacker to hijack a user's click-to-action by sending a specially crafted HTTP reques...
CVE-2015-2917
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAM...
Design/Logic Flaw
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAM...
CVE-2015-2917
The CVE-2015-2917 entry affects Securifi Almond devices and Almond 2015 devices where the web management interface omits the X-Frame-Options header, enabling clickjacking via crafted pages using FRAME/IFRAME/OBJECT. Root cause: missing X-Frame-Options header in affected firmware before AL1-R201EX...
Orient Technologies Studio for OrientDB Server Community Edition Clickjacking Vulnerability
Orient Technologies Studio for OrientDB Server Community Edition is a community edition of OrientDB Server from Orient Technologies, UK. Orient Technologies Studio for OrientDB Server Community Edition fails to enforce the same-origin policy by default in the X-Frame-Options response header,...
Securifi Almond Access Restriction Bypass Vulnerability
Securifi Almond is a wireless router product from Securifi. The Securifi Almond 2015's web management interface does not enforce the same-origin policy in the X-Frame-Options response header, allowing remote attackers to exploit specially crafted web pages that can be used for clickjacking attack...
Coinbase: OAUTH permission set as true= lead to authorize malicious application
OAuth authorize button in the Coinbase Android App did not have the android:filterTouchesWhenObscured attribute set to true, which may have made it vulnerable to tap-jacking. Reported UI Redressing Clickjacking For Mobile application of Coinbase, attack scenario is same as...
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
Overview: Studio for OrientDB Server Community Edition version prior to version 2.1.1 contains several vulnerabilities. Description: CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2912. The Studio web interface to OrientDB contains a CSRF vulnerability. An attacker can perform actions with the...
X (Formerly Twitter): Highly wormable clickjacking in player card
Hi, I would like to report an issue where player card is vulnerable to clickjacking in certain browsers. This may result in something similar to XSS worm and many other critical damages. Details Twitter Player Card allows a website to embed a custom playerhtml into an iframe in a tweet. There are...
Web Application Potentially Vulnerable to Clickjacking
The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area...
Clickjacking
Overview: Affected versions of this package are vulnerable to Clickjacking. By enabling the SVG setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized SVG elements could be positioned outside of the containing element and...