3796 matches found
Geonick Social Network Clickjacking / Credential Disclosure
Geonick Social Network suffers from a lack of clickjacking protection, has an insecure crossdomain.xml file, and sends user credentials in the clear. GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text...
Geonick Social Network Clickjacking / Credential Disclosure
GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text. Time-Line Vulnerability: Multiple Advisories but NOT RESPONSE, Then Full Disclosure. I-VULNERABILITY Title: GEONICK SOCIAL-NETWORK...
Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability
A vulnerability in the captive portal application of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker or local, authenticated attacker to potentially gain access to the username and password of an authenticated session. The vulnerability is due to improper use of...
Google Docs Information Disclosure
I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn't serious enough to be fixed. The problem is the page for requesting access to a private document. It does not have any protection against being framed, so you can make a...
phpMyAdmin 3.5.x / 4.x < 4.0.5 'Header.class.php' Clickjacking Bypass (PMASA-2013-10)
According to its self-identified version number, the phpMyAdmin 3.5.x or 4.x install hosted on the remote web server is earlier than 4.0.5 and, therefore, contains a flaw where the 'Header.class.php' script does not properly sanitize input. This could allow attackers to bypass the application's...
DEBIAN-CVE-2013-5029
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...
CVE-2013-5029
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...
CVE-2013-5029
CVE-2013-5029 affects phpMyAdmin 3.5.x and 4.0.x, where clickjacking protection can be bypassed via certain vectors related to Header.class.php. The vulnerability is fixed in phpMyAdmin 4.0.5 and later; affected users should upgrade to 4.0.5+ (or newer) to remediate. Details come from the initial...
update for phpMyAdmin (important)
This version upgrade of phpMyAdmin fixed various security issues: SQL injection, XSS, full path disclosure, clickjacking...
Splunk < 5.0.4 X-FRAME-OPTIONS Clickjacking Vulnerability
According to its version number, the Splunk Web hosted on the remote web server is affected by a clickjacking vulnerability due to a failure to use the X-FRAME-OPTIONS header. This allows an attacker to embed elements such as links or buttons into frames on an externally hosted, attacker-controll...
FreeBSD : phpMyAdmin -- clickJacking protection can be bypassed (17326fd5-fcfb-11e2-9bb9-6805ca0b3d42)
The phpMyAdmin development team reports : phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed. 'We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't wan...
phpMyAdmin -- clickJacking protection can be bypassed
The phpMyAdmin development team reports: phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed. "We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want...
ClickJacking protection can be bypassed.
PMASA-2013-10 Announcement-ID: PMASA-2013-10 Date: 2013-08-04 Updated: 2013-08-05 Summary ClickJacking protection can be bypassed. Description phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be...
Online Ad Networks Leverages to Launch Javascript Attacks
LAS VEGAS – Researchers have figured out how to leverage the reach of online advertising networks to distribute javascript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing underlying webservers or distributing malware on a massive scale for pennies on t...
LinkedIn Clickjacking vulnerability tricks users to spam links
A clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users into sharing and posting links on behalf of the victim. Narendra Bhati (R00t Sh3ll), Security Analyst at Cyber Octet, informed us about the LinkedIn bug. Clickjacking, also referred to as a "User Interface redress attack", is o...