3797 matches found
IBM License Metric Tool and Endpoint Manager for Software Use Analysis Clickjacking Vulnerability
IBM License Metric Tool is a free tool that helps IBM Passport Advantage customers determine their processor value unit (PVU) licensing needs; IBM Endpoint Manager for Software Use Analysis is a solution that enables overall software asset management by accurately discovering whether software in al...
CVE-2014-4778
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...
Design/Logic Flaw
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...
CVE-2014-4778
CVE-2014-4778 concerns IBM License Metric Tool (LM Tool) v9 and IBM Endpoint Manager for Software Use Analysis v9. The issue: the login page response lacks the X-Frame-Options header, enabling clickjacking through framing of the login page. The connected IBM bulletin confirms this and provides remedi...
CVE-2014-4778
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...
SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)
This is an LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed: - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectl...
Google Patches Clickjacking Bug in API Explorer
Google has patched a clickjacking vulnerability that a researcher says would enable an attacker to retrieve or delete email conversations, manipulate YouTube and Google Plus accounts, and more. A Google representative said in an email to Threatpost that the bug affected developers who had...
PHP Fusion 7.02.07 XSS / Clickjacking
Hi Team, Affected Vendor: https://www.php-fusion.co.uk/home.php Date: 04/05/2015 Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese Type of vulnerability: Persistent XSS + Clickjacking Tested on: Windows 8.1 Product: PHP Fusion Version: 7.02.07 1 Cross Site Scripting...
Mozilla Firefox < 37.0 Multiple Vulnerabilities
HP Network Automation has multiple vulnerabilities
HP Network Automation is a suite of automated network configuration management tools. HP Network Automation has multiple security vulnerabilities that could allow an attacker to conduct cross-site scripting, cross-site request forgery, and clickjacking attacks to obtain sensitive information,...
HP Network Automation Multiple Remote Vulnerabilities (HPSBMU03264)
The version of HP Network Automation running on the remote host is affected by multiple vulnerabilities in the administrative web interface. These vulnerabilities include multiple cross-site request forgeries, cross-site scripting, and clickjacking vulnerabilities. An unauthenticated, remote...
HP Network Automation multiple security vulnerabilities
XSS, CSRF, clickjacking...
[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04574207 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04574207 Version: 1 HPSBMU03264 rev....
Hewlett-Packard Network Automation contains multiple vulnerabilities
Overview HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface. Description HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cro...
Juniper Junos X-Frame-Options Clickjacking (JSA10675)
According to its self-reported version number, the remote Juniper Junos device is affected by a clickjacking vulnerability due to J-Web missing the 'X-Frame-Options' HTTP header. A remote attacker can exploit this to trick a user into executing administrative tasks. TRUSTED...
Juniper Junos J-Web Clickjacking Vulnerability
Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A security vulnerability exists in Juniper Networks JUNOS that allows remote attackers to exploit the vulnerability to conduct clickjacking attacks via X-Frame-Options...
CVE-2015-3004
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 befor...
Design/Logic Flaw
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 befor...
CVE-2015-3004
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 befor...
CVE-2015-3004
CVE-2015-3004 affects Juniper Junos J-Web across the listed 11.4, 12.x, 13.x, 14.x versions. Root cause: J-Web fails to emit an X-Frame-Options header, enabling remote clickjacking. Impact is generally exposure to UI spoofing/administrative actions via a framed page. Affected products/versions includ...