3800 matches found

RedHat Linux
added 2020/10/27 4:22 p.m. | 122 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update

An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.7 | AI score 7.8 | EPSS 0.99019
Exploits: 30 | References: 22

Tenable Nessus
added 2020/10/27 12:0 a.m. | 30 views

IBM WebSphere Application Server 6.1.0.x < 6.1.0.47 / 7.0.0.x < 7.0.0.31 / 8.0.0.x < 8.0.0.7 / 8.5.x < 8.5.5.1 Clickjacking (CVE-2013-1571)

The IBM WebSphere Application Server running on the remote host is version 6.1.0.x prior to 6.1.0.47, 7.0.0.x prior to 7.0.0.31, 8.0.0.x prior to 8.0.0.7, or 8.5.0.x prior to 8.5.5.1. It is, therefore, affected by a vulnerability in the HTML documentation generated by the Javadoc tool. An...

CVSS 6.1 | AI score 7 | EPSS 0.66817
Exploits: 1 | References: 2

OSV
added 2020/10/15 7:15 p.m. | 1 views

CVE-2020-15793

A vulnerability has been identified in Desigo Insight (all versions). The device does not properly set the X-Frame-Options HTTP header, which makes it vulnerable to clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVSS 5.4 | AI score 6 | EPSS 0.00727
Exploits: 0 | References: 2

NVD
added 2020/10/15 7:15 p.m. | 12 views

CVE-2020-15793

A vulnerability has been identified in Desigo Insight (all versions). The device does not properly set the X-Frame-Options HTTP header, which makes it vulnerable to clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVSS 5.8 | EPSS 0.00727
Exploits: 0 | References: 2

Prion
added 2020/10/15 7:15 p.m. | 11 views

Design/Logic Flaw

A vulnerability has been identified in Desigo Insight (all versions). The device does not properly set the X-Frame-Options HTTP header, which makes it vulnerable to clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVSS 5.8 | AI score 5.3 | EPSS 0.00727
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/10/15 6:45 p.m. | 48 views

CVE-2020-15793

CVE-2020-15793 affects Siemens Desigo Insight (all versions). The vulnerability stems from not properly setting the X-Frame-Options header, enabling clickjacking that could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user. The ICSA advisory notes th...

CVSS 5.8 | AI score 5.3 | EPSS 0.00727
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/10/15 6:45 p.m. | 17 views

CVE-2020-15793

A vulnerability has been identified in Desigo Insight (all versions). The device does not properly set the X-Frame-Options HTTP header, which makes it vulnerable to clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

AI score 5.4 | EPSS 0.00727
Exploits: 0 | References: 2

RedHat Linux
added 2020/10/14 11:16 a.m. | 2 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

CVSS 5.8 | AI score 5.8 | EPSS 0.00764
Exploits: 0 | References: 4

ICS
added 2020/10/13 12:0 a.m. | 48 views

Siemens Desigo Insight

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo Insight Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

CVSS 5.8 | AI score 5.7 | EPSS 0.00983
Exploits: 0 | References: 9

CNVD
added 2020/10/11 12:0 a.m. | 76 views

Apache Calcite Clickjacking Vulnerability

Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. A clickjacking vulnerability exists in versions of Apache Calcite...

CVSS 5.9 | AI score 2.8 | EPSS 0.02115
Exploits: 0 | References: 1

RedHat Linux
added 2020/10/08 10:28 a.m. | 2 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

CVSS 5.8 | AI score 5.8 | EPSS 0.00764
Exploits: 0 | References: 4

Hacker One
added 2020/10/05 10:23 p.m. | 22 views

U.S. Dept Of Defense: POST based RXSS on https://███████/ via ███ parameter

Good Night DoD team, Summary: I have discovered that on the following domain https://██████████/███████ there is a Post-Based reflected XSS vulnerability which I can trigger with CSRF and Clickjacking due to unsanitized input inside the ███ parameter ██████████ Description The vulnerable path is:...

AI score 0.2
Exploits: 0

Hacker One
added 2020/10/05 3:56 p.m. | 61 views

Acronis: Get ip and Geo location any user via Clickjacking with inspectlet technology

Summary Get ip and Geo location any user via Clickjacking with inspectlet technology https://geoapi.acronis.com/?q=admin/views/ajax/autocomplete/user/a Steps To Reproduce 1. go to F1015419 2. will watch your geo data ex. "city":"Abu...

AI score 0.4
Exploits: 0

Hacker One
added 2020/10/02 1:42 p.m. | 18 views

U.S. Dept Of Defense: POST based RXSS on https://█████ via frm_email parameter

Good Afternoon DoD team, Summary: I have discovered that on the following domain https://███████ there is a Post-Based reflected XSS vulnerability which I can trigger with CSRF and Clickjacking due to unsanitized input inside the frmemail parameter Description The vulnerable path is: https://███ CS...

AI score 0.5
Exploits: 0

CNVD
added 2020/09/27 12:0 a.m. | 5 views

IBM InfoSphere Information Server Clickjacking Vulnerability

IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A clickjacking vulnerability exists in IBM InfoSphere...

CVSS 6.1 | AI score 6.5 | EPSS 0.00897
Exploits: 0 | References: 1

CNVD
added 2020/09/27 12:0 a.m. | 1 views

ismartgate PRO Clickjacking Vulnerability

iSmartGate is a smart garage door opener system. A clickjacking vulnerability exists in ismartgate PRO, which allows remote attackers to exploit the vulnerability to submit a special URL request that can be parsed by the user, which can be used to gain access to sensitive information, among other...

CVSS 8.1 | AI score 7.1 | EPSS 0.00834
Exploits: 1 | References: 1

NVD
added 2020/09/24 4:15 p.m. | 9 views

CVE-2020-13119

ismartgate PRO 1.5.9 is vulnerable to clickjacking...

CVSS 8.1 | EPSS 0.00834
Exploits: 1 | References: 2

OSV
added 2020/09/24 4:15 p.m. | 1 views

CVE-2020-13119

ismartgate PRO 1.5.9 is vulnerable to clickjacking...

CVSS 8.1 | AI score 7.3 | EPSS 0.00834
Exploits: 1 | References: 2

Prion
added 2020/09/24 4:15 p.m. | 8 views

Design/Logic Flaw

ismartgate PRO 1.5.9 is vulnerable to clickjacking...

CVSS 4.3 | AI score 8 | EPSS 0.00834
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/09/24 3:20 p.m. | 14 views

CVE-2020-13119

ismartgate PRO 1.5.9 is vulnerable to clickjacking...

AI score 8.1 | EPSS 0.00834
Exploits: 1 | References: 2