3796 matches found
CVE-2014-1480
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site...
CVE-2014-1480
Technical details about CVE-2014-1480 are not publicly provided in the connected documents. The available description notes a clickjacking/unintended file launch issue in Firefox/SeaMonkey, but specifics (affected versions, root cause, exploitability, and fixes) are not included.
KLA10458 Multiple vulnerabilities in HP SMH
Multiple vulnerabilities were found in HP SMH. By exploiting these vulnerabilities malicious users can conduct XSS, CSRF and clickjacking attacks via unspecified vectors. These vulnerabilities can be exploited remotely. Original advisories HP bulletin Related products HP-System-Management-Homepage...
[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities
The most common question from students who are learning website hacking techniques is "how to test my skills legally without getting into trouble?". So, I always suggest them to use some vulnerable web application such as DVWA. However, I felt DVWA is not suitable for new and advanced techniques...
CVE-2013-5462
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements...
Code injection
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements...
CVE-2013-5462
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements...
CVE-2013-5462
CVE-2013-5462 affects IBM Content Navigator (and its toolkit) versions 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001. The vulnerability allows clickjacking by loading the Content Navigator URL in a frame (header.jsp header) to capture user input such as credentials. IB...
Ubuntu Update for firefox USN-2052-1
Check for the Version of firefox OpenVAS Vulnerability Test $Id: gbubuntuUSN20521.nasl 8509 2018-01-24 06:57:46Z teissa $ Ubuntu Update for firefox USN-2052-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
Ubuntu: Security Advisory (USN-2052-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)
Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or...
USN-2052-1: Firefox vulnerabilities
Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or...
Atlassian Confluence < 4.3.7 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 4.3.7. It is, therefore, affected by multiple vulnerabilities: - A clickjacking vulnerability exists due to the lack of iframe busting prevention. An attacker may exploit...
Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20131121)
It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the...
libsmbclient, samba security update
CentOS Errata and Security Advisory CESA-2013:1542 Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...
CVE-2013-6698
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bu...
CVE-2013-6698
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bu...
CVE-2013-6698
CVE-2013-6698 concerns the web interface of Cisco Wireless LAN Controller (WLC). The vulnerability stems from insufficient restrictions on iframe usage, enabling cross-frame scripting (XFS) and clickjacking-like attacks via a crafted page. Affected component is the WLC web UI; root cause is inade...
Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
RHEL 6 : samba (RHSA-2013:1542)
Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...