3800 matches found
Judge.me : Email templates XSS by filterXSS bypass
Summary: js-xss is used to prevent XSS on email templates previews but the custom onIgnoreTag function can be used to bypass this filter. This leads to a Self-XSS scenario that can be used to achieve Account Takeover in 1-click. js onIgnoreTag: function e, t return "!--if" === e || "!endif--" ===...
CVE-2021-43048
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
Code injection
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
CVE-2021-43048
The CVE-2021-43048 vulnerability affects TIBCO PartnerExpress Interior Server and Gateway Server components, specifically versions 6.2.1 and earlier. The issue is a click-jacking vulnerability that can be exploited by an unauthenticated attacker with network access and requires no user interactio...
CVE-2021-43048 TIBCO PartnerExpress Click-Jacking vulnerability
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
TIBCO Partnerexpress 安全漏洞
TIBCO Partnerexpress is a Php-based platform that generates barcodes by product name from TIBCO USA. A security vulnerability exists in the internal server and gateway server components of TIBCO PartnerExpress, versions 6.2.1 and below, which can be exploited by an attacker to perform a...
UPchieve: Clickjacking ar https://hackers.upchieve.org/login
I found clickjacking at login page on https://hackers.upchieve.org that can be exploited if the UI overlay can be performed correctly by the attacker. Clickjack test page Website is vulnerable to clickjacking! Click me when you finish : Impact Its login page so if the UI overlay can be performed...
Mozilla Firefox Security Advisory (MFSA2013-94) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2013-10) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2015-35) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2015-26) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2012-54) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2014-50) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2016-58) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2021-03) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-03. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237 Clickjacking Vulnerability
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
Solarwinds Kiwi Syslog Server 安全漏洞
Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and Snmp traps from network devices routers, switches, firewalls, etc. and Linux®/Unix® hosts. A security vulnerability exists in Kiwi...
PT-2021-20859 · Unknown · Kiwi Syslog Server
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server affected versions not specified Description: A missing HTTP header X-Frame-Options has left customers vulnerable to clickjacking. Clickjacking is an attack where an attacker uses a transparent iframe to trick a user into...