3800 matches found
CVE-2015-5686
Puppet Enterprise Console 3.x is affected by CSRF and clickjacking vulnerabilities leading to possible session hijacking or redirection of user input to untrusted sites. This CVE (CVE-2015-5686) is corroborated by multiple sources in connected documents (e.g., CNVD-2020-17190 and NVD entries) des...
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...
jenkins: REST APIs vulnerable to clickjacking
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
PT-2020-6876 · Abb · Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2. Description: The issue is related to the absence of the X-Frame-Options header in the HTTP response, which can potentially allow 'ClickJacking' attacks. This type of attack occurs when an attacker frames parts ...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty in IBM Cloud Private VM Quickstarter
Summary: There are multiple vulnerabilities in WebSphere Application Server Liberty that is shipped with IBM WebSphere Application for IBM Cloud Private VM Quickstarter. There is an information disclosure and a bypass security vulnerability in WebSphere Application Server Liberty. There is a...
Clickjacking Issue in Confluence
Issue Summary: Based on https://jira.atlassian.com/browse/CONFSERVER-29230, this was supposedly fixed from Confluence 5.8.5 version onwards, and it looks like it is still impacting a few URLs embedded within the...
CVE-2019-13924
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family incl. SIPLUS NET variants (All versions < 5.2.4), SCALANCE X-200IRT switch family incl. SIPLUS NET...
Design/Logic Flaw
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family incl. SIPLUS NET variants (All versions < 5.2.4), SCALANCE X-200IRT switch family incl. SIPLUS NET...
CVE-2016-5710
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
Code injection
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
PT-2020-9414 · Siemens · Scalance X-200Irt Switch Family +5
Name of the Vulnerable Software and Affected Versions: SCALANCE S602 versions prior to V4.1; SCALANCE S612 versions prior to V4.1; SCALANCE S623 versions prior to V4.1; SCALANCE S627-2M versions prior to V4.1; SCALANCE X-200 switch family versions prior to 5.2.4; SCALANCE X-200IRT switch family versio...
CVE-2019-13924
CVE-2019-13924 affects Siemens SCALANCE X and S switches. The root issue is that the admin web interface does not send the X-Frame-Options header, enabling clickjacking where an attacker could trick a logged-in administrator into performing actions via a malicious page. Affected families and vers...
CVE-2016-5710
The CVE-2016-5710 entry affects NetApp Snap Creator Framework prior to 4.3P1. It describes a clickjacking vulnerability that can be triggered by remote authenticated users via unspecified vectors. Exploitation details are not provided in the supplied documents. The issue appears resolved by upgra...
Jenkins < 2.204.2 LTS / 2.219 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.219 or is a version of Jenkins LTS prior to 2.204.2. It is, therefore, affected by multiple vulnerabilities: - A UDP amplification reflection attack can be used in a DDoS attack on a Jenkins master. Within the same network,...
CVE-2013-2682
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information...
Spoofing
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information...