3797 matches found

NVD
added 2015/02/23 5:59 p.m. | 17 views

CVE-2015-2053

The log viewer in McAfee Agent MA before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability...

CVSS 4.3 | AI score 6.4 | EPSS 0.0146
Exploits 0 | References 3
Prion
added 2015/02/23 5:59 p.m. | 18 views

Spoofing

The log viewer in McAfee Agent MA before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability...

CVSS 4.3 | AI score 7 | EPSS 0.0146
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2015/02/23 5:0 p.m. | 27 views

CVE-2015-2053

The log viewer in McAfee Agent MA before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability...

AI score 6.4 | EPSS 0.0146
Exploits 0 | References 3
CVE
added 2015/02/23 5:0 p.m. | 64 views

CVE-2015-2053

The CVE-2015-2053 issue affects McAfee Agent log viewing: if the “Accept connections only from the ePO server” setting is disabled, remote attackers can perform a clickjacking attack via a crafted web page. Affected releases are MA 4.8.0 prior to Patch 3 and MA 5.0.0 prior to 5.0.1 (and related M...

CVSS 4.3 | AI score 6.6 | EPSS 0.0146
Exploits 0 | References 3 | Affected Software 1
Kaspersky
added 2015/02/23 12:0 a.m. | 25 views

KLA10484 Interface spoofing vulnerability in McAfee Agent

An unspecified vulnerability was found in McAfee Agent. By exploiting this vulnerability, malicious users can conduct a clickjacking attack. This vulnerability can be exploited remotely via a specially designed web page. Original advisories McAfee bulletin Related products McAfee-Agent CVE list...

CVSS 4.3 | AI score 6.4 | EPSS 0.0146
Exploits 0 | References 3
Packet Storm
added 2015/02/19 12:0 a.m. | 34 views

4images Cross Site Scripting / Clickjacking

Affected software: 4images Type of vulnerability: clickjacking,xss URL: http://www.4homepages.de/ Discovered by: Provensec Website: http://www.provensec.com Description: 4images is a powerful web-based image gallery management system. Features include comment system, user registration and...

AI score 7.4
Exploits 0
Prion
added 2015/02/12 1:59 a.m. | 20 views

Cross site scripting

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka B...

CVSS 4.3 | AI score 6.8 | EPSS 0.01476
Exploits 0 | References 5 | Affected Software 1
NVD
added 2015/02/12 1:59 a.m. | 23 views

CVE-2014-2147

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka B...

CVSS 4.3 | AI score 6.4 | EPSS 0.01476
Exploits 0 | References 5
Cvelist
added 2015/02/12 1:0 a.m. | 25 views

CVE-2014-2147

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka B...

AI score 6.3 | EPSS 0.01476
Exploits 0 | References 5
CVE
added 2015/02/12 1:0 a.m. | 53 views

CVE-2014-2147

The CVE-2014-2147 issue affects Cisco Prime Infrastructure 2.1 and earlier, where the web interface does not properly restrict IFRAME use, due to insufficient HTML iframe protection. This enables cross-frame scripting (XFS) attacks, including clickjacking, via a crafted attacker-controlled page. ...

CVSS 4.3 | AI score 6.5 | EPSS 0.01476
Exploits 0 | References 5 | Affected Software 1
Cisco
added 2015/02/11 5:41 p.m. | 24 views

Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user ...

CVSS 4.3 | AI score 6.5 | EPSS 0.01476
Exploits 0 | References 1
ThreatPost
added 2015/02/11 1:5 p.m. | 22 views

Google Play Bug Can Allow Code Execution

Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options...

CVSS 5.8 | AI score 2.1 | EPSS 0.19862
Exploits 7 | References 2
NVD
added 2015/02/03 10:59 p.m. | 22 views

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

CVSS 4.3 | AI score 6.4 | EPSS 0.01476
Exploits 0 | References 5
Prion
added 2015/02/03 10:59 p.m. | 17 views

Cross site scripting

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

CVSS 4.3 | AI score 6.8 | EPSS 0.01476
Exploits 0 | References 5
Cvelist
added 2015/02/03 10:0 p.m. | 25 views

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

AI score 6.3 | EPSS 0.01476
Exploits 0 | References 5
CVE
added 2015/02/03 10:0 p.m. | 52 views

CVE-2015-0599

Cisco UCS C-Series Rack Servers’ Integrated Management Controller web interface is vulnerable to cross-frame scripting due to insufficient iframe protection. An unauthenticated, remote attacker can lure a user to a malicious page containing iframes, enabling clickjacking or other client-side atta...

CVSS 4.3 | AI score 6.5 | EPSS 0.01476
Exploits 0 | References 5 | Affected Software 1
Cisco
added 2015/02/03 8:33 p.m. | 35 views

Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe...

CVSS 4.3 | AI score 6.5 | EPSS 0.01476
Exploits 0 | References 1
Tenable Nessus
added 2015/01/19 12:0 a.m. | 19 views

Oracle Solaris Third-Party Patch Update : samba (multiple_vulnerabilities_in_samba_web)

The remote Solaris system is missing necessary patches to address security updates: - The Samba Web Administration Tool SWAT in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS 5.1 | AI score 6.9 | EPSS 0.03248
Exploits 0 | References 4
NVD
added 2015/01/17 11:59 a.m. | 17 views

CVE-2014-6197

IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 4.3 | AI score 6.4 | EPSS 0.01426
Exploits 0 | References 2
Prion
added 2015/01/17 11:59 a.m. | 11 views

Code injection

IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 4.3 | AI score 7 | EPSS 0.01426
Exploits 0 | References 2 | Affected Software 1