3800 matches found
MyCrypto: URL is vulnerable to clickjacking
i'm not sure if this vulnerability is in scope or not , kindly if you don't accept this report please close it as informative or allow me to self close it thanks in advance Summary: URLs missing CSP headers they are vulnerable to clickjacking. Steps To Reproduce: run the below code that i had...
Nextcloud: Nextcloud Clickjacking Vulnerability
hi! Test domain : https://nextcloud.com Summary ====== https://nextcloud.com/ A clickjacking vulnerability was detected because the X-Frame-Options Header was not set.More Steps To Reproduce == 1. Create a new HTML file 2. Include the following payload Trusted web page https://nextcloud.com 3. Op...
Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to ...
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
Security feature bypass
vBulletin before 5.5.4 allows clickjacking...
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
CVE-2019-17131
CVE-2019-17131 affects vBulletin releases prior to 5.5.4 and is a clickjacking vulnerability. The provided documents consistently identify the affected product as vBulletin and the root issue as a clickjacking flaw that could enable an attacker to deceive users into performing unintended actions....
Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center in IBM Cloud (CVE-2019-4285)
Summary There is a clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center. Vulnerability Details CVEID: CVE-2019-4285 DESCRIPTION: IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By...
IBM Application Performance Management Clickjacking Vulnerability
IBM Application Performance Management APM is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A clickjacking vulnerability exists in IBM APM Base Private...
CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Hardcoded credentials
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-1975
CVE-2019-1975 affects the web-based interface of Cisco HyperFlex Software. The root cause is insufficient HTML iframe protection, enabling a cross-frame scripting (XFS) attack. An unauthenticated, remote attacker could lure a user to a malicious page containing an HTML iframe, potentially resulti...
CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
LastPass Credential Leak From Previous Site Vulnerability
LastPass suffers from an issue where bypassing dopopupregister leaks credentials from the previous site. lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
Design/Logic Flaw
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...