3796 matches found
Hardcoded credentials
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-0399
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2011-0399
PIWIK (before 1.1) is vulnerable to clickjacking because the login form can be rendered within a frame by a third-party page. Root cause: login page displayed in an iframe without proper frame busting. Impact: enables clickjacking via a crafted site. Exploitation details are not provided in the d...
CVE-2011-0399
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
DTSA-207-1 mediawiki - clickjacking
Bulletin has no description...
FreeBSD : mediawiki -- Clickjacking vulnerabilities (e177c410-1943-11e0-9d1c-000c29ba66d2)
Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, an...
mediawiki -- Clickjacking vulnerabilities
Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, and...
Android Update Adds Protection From Mobile Clickjacking
Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements. The compa...
Android Update Adds Protections For Mobile Clickjacking
Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements. The compa...
How to Spot and Avoid Clickjacking Attacks on Facebook
When you see a post on a Facebook friend's wall that seems out of character, don't be too quick to click. Posts labeled "Pictures of girls in bikinis" or "All boys can stare at it but girls cannot" might be clickjacking attacks. These attacks typically don't carry malicious payloads, but they can...
Missing or Permissive X-Frame-Options HTTP Response Header
The remote web server in some responses sets a permissive X-Frame-Options response header or does not set one at all. The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors C...
Busting Frame Busting
In this video from the OWASP AppSec Research conference, Gustav Rydstedt from Stanford University discusses frame-busting and clickjacking vulnerabilities on popular Web sites...
flash-plugin: multiple security flaws (APSB10-16)
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue...
CVE-2010-2576
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue ...
Sql injection
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue ...
CVE-2010-2576
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue ...
CVE-2010-2576
CVE-2010-2576 (Opera) affects Opera pre-10.61. The issue arises because download dialogs that become visible after a tab change are not properly suppressed, enabling a clickjacking vector. A remote attacker could exploit this to trigger arbitrary code execution via vectors involving (1) closing a...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking
FF3.6.7/SM 2.0.6 ClickJacking Vulnerability: function clickjackarmor(evt) { clickjackmouseX=evt.pageX?evt.pageX:evt.clientX; clickjackmouseY=evt.pageY?evt.pageY:evt.clientY; document.getElementById('mydiv').style.left=clickjackmouseX-1; document.getElementById('mydiv').style.top=clickjackmouseY-1; } Firefox...