3796 matches found
Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
DEBIAN-CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Hardcoded credentials
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-3127
CVE-2011-3127 affects WordPress: versions 3.1 before 3.1.3 and 3.2 before Beta 2 do not prevent framing of admin or login pages, enabling clickjacking via a crafted site. Root cause: missing frame-embedding protection. Impact is remote via crafted site; mitigation is upgrading to WordPress 3.1.3 ...
CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
WordPress <= 3.1.2 - Clickjacking Attacks
This WordPress version does not prevent rendering for admin or login pages inside a frame in a third-party HTML document. It allows the attackers to conduct clickjacking attacks via a crafted web site. Solution Update WordPress...
Debian DSA-2291-1 : squirrelmail - various vulnerabilities
Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote...
CVE-2011-2892
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Hardcoded credentials
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-2892
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-2892
CVE-2011-2892 affects Joomla! 1.6.x before 1.6.2; the issue is that rendering can occur in a frame from a third-party HTML document, enabling clickjacking via a crafted site. Exploitation details are not provided in the documents; no remediation details are explicitly stated.
Fedora 15 : squirrelmail-1.4.22-2.fc15 (2011-9311)
fixes : - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user...
Fedora 14 : squirrelmail-1.4.22-2.fc14 (2011-9309)
fixes : - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user...
T Online Browser v6.x - ClickJacking Vulnerability
Document Title: =============== T Online Browser v6.x - ClickJacking Vulnerability Release Date: ============= 2011-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 143 Product & Service Introduction: =============================== Mit dem vielseitigen Browser 6.0...
T Online Browser v6.x - ClickJacking Vulnerability
Document Title: =============== T Online Browser v6.x - ClickJacking Vulnerability Release Date: ============= 2011-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 143 Product & Service Introduction: =============================== Mit dem vielseitigen Browser 6.0...
Enable X-FRAME-Options header to implement clickjacking protection
TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current HTTP headers do not contain the X-FRAME-Option, which helps prevents against Clickjacking attacks. A Clickjacking attack is similar to CSRF in which attacker can hijack a...