3800 matches found
OESA-2021-1359 cockpit security update
Cockpit makes GNU/Linux discoverable. See Linux server in a web browser and perform system tasks with a mouse. It's easy to start containers, administer storage, configure networks, and inspect logs with this package. Security Fixes: Cockpit and its plugins do not seem to protect itself against...
in jonschoning/espial
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. PoC https://i.ibb.co/QFTZD9j/clickjack.png Impact According to PortSwigger references, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable ...
in kcal-app/kcal
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking.html and page will render in iframes...
in aces/loris
Description It is possible to perform a clickjacking attack due to the lack of frame restrictions such as X-Frame-Options: DENY Proof of Concept Tested :: https://demo.loris.ca/ https://drive.google.com/file/d/1oSi2JpYnPjjoL6QvhFnsHcTD94KMzKBj/view?usp=sharing Impact Clickjacking is an...
UPchieve: Clickjacking login page of https://hackers.upchieve.org/login
Hello, you have discovered this unprotected login page https://hackers.upchieve.org/login An attacker can frame the page in an iframe, deceiving a user and obtaining a password, email and sensitive information Impact An attacker can deceive a user and obtain a password, email and...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
Clickjacking
yourls/yourls is vulnerable to clickjacking. It was possible to perform a clickjacking attack due to the lack of frame restrictions and the application does not configure the response header X-Frame-Options: DENY...
in opensourcepos/opensourcepos
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png Impact According to PortSwigger references, it is...
in zoujingli/thinkadmin
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Debian: Security Advisory (DSA-4962-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
in livehelperchat/livehelperchat
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Debian DSA-4962-1 : ledgersmb - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4962 advisory. Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking. For the...
[SECURITY] [DSA 4962-1] ledgersmb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4962-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 23, 2021 https://www.debian.org/security/faq -...
in yourls/yourls
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
in getgrav/grav-plugin-admin
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
DEBIAN-CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
Code injection
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions...