Respondly: Clickjacking - changing role
Hi, I'm able to frame the page. When I make a frame with an opacity of 0 and a button at the position of the role switch, I can change the role without the victim knowing that. A POC screen: http://prntscr.com/3ay0mh A POC code: Best regards, Olivier Beg...
Localize: ClickJacking
It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks. Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...
Yahoo!: clickjacking on leaving group(flick)
Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, but unfortunately this bug has already been reported to us. We appreciate your adherence to responsible disclosure guidelines and...
Yahoo!: Bypass of the Clickjacking protection on Flickr using data URL in iframes
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
Khan Academy: Possible clickjacking at shop.khanacademy.org
Hello there, the website at shop.khanacademy.org isn't protected against clickjacking properly. PoC curl -L -I http://shop.khanacademy.org/ HTTP/1.1 200 OK Server: nginx Date: Tue, 08 Apr 2014 00:33:39 GMT Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding Status: 200 OK X-XSS-Protectio...
OTRS Help Desk 3.1.x < 3.1.21, 3.2.x < 3.2.16, 3.3.x < 3.3.6 Multiple Vulnerabilities
Open Ticket Request System (OTRS) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs";...
FreeBSD : otrs -- Clickjacking issue (ffa7c6e4-bb29-11e3-8136-60a44c524f57)
The OTRS Project reports: An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database...
OTRS Help Desk Multiple Vulnerabilities
OTRS Help Desk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...
otrs -- Clickjacking issue
The OTRS Project reports: An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS...
RedHat Update for samba RHSA-2014:0305-01
Check for the Version of samba OpenVAS Vulnerability Test RedHat Update for samba RHSA-2014:0305-01 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
RedHat Update for samba RHSA-2014:0305-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for libsmbclient CESA-2014:0305 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 : samba (RHSA-2014:0305)
Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20140317)
It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the...
CentOS 5 : samba (CESA-2014:0305)
Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
libsmbclient, samba security update
CentOS Errata and Security Advisory CESA-2014:0305 Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: samba security update
Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
samba: clickjacking vulnerability in SWAT
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...
Yahoo!: Clickjacking at surveylink.yahoo.com
Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, but unfortunately this bug has already been reported to us. We appreciate your adherence to responsible disclosure guidelines and...
Facebook 'Watch naked video of friends' malware scam infects 2 million people
We have seen a lot of Facebook malware and virus infections spreading through friends list, and this time a new clickjacking scam campaign is going viral on Facebook. Hackers spam Facebook timeline with a friend's picture and "See Friend's naked video," or "Friend Name's Private Video." The Pictu...