130 matches found

Hacker One
added 2021/05/07 8:41 p.m., 118 views

Sifchain: Vulnerable for clickjacking attack

Summary: Hi Team, I know that I have reported to you outside of Scope. The report is related to the mentioned company and the vulnerability can endanger your business so I report this vulnerability to you. Clickjacking User Interface redress attack, UI redress attack, UI redressing is a maliciou...

6.8 AI score
Exploits 0
Prion
added 2021/03/23 5:15 p.m., 18 views

Design/Logic Flaw

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected syste...

7.5 CVSS, 9.2 AI score, 0.01176 EPSS
Exploits 0, References 2, Affected Software 2
CNVD
added 2021/02/26 12:00 a.m., 7 views

SAP Business Objects Business Intelligence Cross-Site Scripting Execution Vulnerability

SAP Business Objects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...

6.1 CVSS, 6.6 AI score, 0.00813 EPSS
Exploits 0, References 1
CNVD
added 2021/02/22 12:00 a.m., 13 views

Mozilla Firefox Clickjacking Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 85. The browser could be confused to transfer the pointer-locked state to another tab, which could be exploited by an attacker to...

6.1 CVSS, 6.4 AI score, 0.00657 EPSS
Exploits 0, References 1
Prion
added 2021/02/09 9:15 p.m., 22 views

Design/Logic Flaw

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack...

5.8 CVSS, 6.1 AI score, 0.00813 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2020/12/03 12:15 p.m., 21 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.1 CVSS, 6.2 AI score, 0.00655 EPSS
Exploits 0, References 2
OSV
added 2020/10/28 8:15 p.m., 11 views

CVE-2020-24711

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...

6.5 CVSS, 6.7 AI score
Exploits 0, References 3
Cvelist
added 2020/10/28 7:33 p.m., 16 views

CVE-2020-24711

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...

6.3 AI score, 0.01546 EPSS
Exploits 1, References 3
OSV
added 2020/02/11 12:15 p.m., 1 views

CVE-2016-5710

NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...

4.6 CVSS, 5.8 AI score, 0.00709 EPSS
Exploits 0, References 1
OSV
added 2019/09/16 6:15 p.m., 1 views

CVE-2019-16371

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...

8.2 CVSS, 5.6 AI score, 0.0118 EPSS
Exploits 1, References 1
IBM Security Bulletins
added 2019/06/04 3:30 p.m., 21 views

Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack

Summary The IBM Security Information Queue ISIQ web application is vulnerable to a clickjacking attack in which an untrusted page could get embedded into another frame or object. As of v1.0.3, the ISIQ web server disallows browsers from embedding content. Vulnerability Details CVEID: CVE-2019-421...

6.1 CVSS, 1.9 AI score, 0.01183 EPSS
Exploits 0, Affected Software 1
Veracode
added 2019/05/02 4:42 a.m., 26 views

Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

10 CVSS, 8.2 AI score, 0.73327 EPSS
Exploits 5, References 29, Affected Software 3
Prion
added 2019/02/28 6:29 p.m., 22 views

Code injection

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

6.8 CVSS, 8.3 AI score, 0.01179 EPSS
Exploits 0, References 3, Affected Software 1
UbuntuCve
added 2019/02/28 6:29 p.m., 23 views

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

8.8 CVSS, 7.2 AI score, 0.01179 EPSS
Exploits 0, References 2
Tenable Nessus
added 2019/02/14 12:00 a.m., 43 views

Mozilla Firefox < 64.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images...

9.8 CVSS, 7.7 AI score, 0.09646 EPSS
Exploits 1, References 13
NVD
added 2019/01/09 11:29 p.m., 15 views

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...

6.5 CVSS, 6.5 AI score, 0.006 EPSS
Exploits 0, References 2
Cvelist
added 2019/01/09 10:00 p.m., 17 views

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...

7.1 AI score, 0.006 EPSS
Exploits 0, References 2
Tenable Nessus
added 2018/12/12 12:00 a.m., 49 views

Mozilla Firefox < 64.0

The version of Firefox installed on the remote Windows host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a ra...

9.8 CVSS, 7.7 AI score, 0.09646 EPSS
Exploits 1, References 13
Japan Vulnerability Notes
added 2018/12/10 12:00 a.m., 91 views

JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8 CVSS, 7.8 AI score, 0.01857 EPSS
Exploits 0
NVD
added 2018/10/05 2:29 p.m., 17 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.7 CVSS, 4.8 AI score, 0.00922 EPSS
Exploits 0, References 1