3800 matches found
CVE-2016-9168
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking...
CVE-2016-5755
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...
CVE-2016-5755
CVE-2016-5755 affects NetIQ Access Manager; versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 are vulnerable to clickjacking due to a missing SAMEORIGIN filter in the "high encryption" setting. The connected documents corroborate this description and identify the affected product and the s...
CVE-2016-9168
CVE-2016-9168 affects Novell eDirectory’s NDSD (NDS Utility Monitor) prior to version 9.0.2, where a missing X-Frame-Options header could enable clickjacking by remote attackers. The vulnerability is documented across multiple feeds (NVD entry and cross-references in CNVD/OpenVAS records) and is ...
LastPass: domain regex doesn't handle data and other pseudo-url schemes
I previously found a design flaw in LastPass that affected the 4.x branch of LastPass (issue 884). They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...
Mail.ru: Stored XSS
Clickjacking and self-XSS in http://whiskas.ny.mail.ru/. This project is not currently in the bug bounty scope. I've found a Stored Self-XSS and turned it to be exploitable through Clickjacking...
Yelp: Clickjacking Vulnerability found on Yelp
As many companies do, Yelp set its X-Frame-Options to SAME ORIGIN in its HTTP headers; but unfortunately our exploitation proves that not all the pages are protected. With the use of iframes in the HTML document, I was able to discover a clickjacking vulnerability on Yelp.com, and this...
HumHub 1.0.1 Cross Site Scripting
Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: HumHub 1.0.1 and earlier. Fixed in: 1.1.1. Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.1.1&type=zip. Vendor Website: https://www.humhub.org/. Vulnerability Type: XSS. Remote Exploitable: Yes...
Dashbuilder: Lack of clickjacking protection on the login page
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2017-2658
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)...
IBM Integration Bus 8.x < 8.0.0.8 / 9.x < 9.0.0.7 / 10.x < 10.0.0.7 Clickjacking
The version of IBM Integration Bus formerly known as IBM WebSphere Message Broker is 8.x prior to 8.0.0.8, 9.x prior to 9.0.0.7, or 10.x prior to 10.0.0.7. It is, therefore, affected by a clickjacking vulnerability in the administrative web UI due to a failure to set the X-Frame-Options header in...
Code injection
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
DEBIAN-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
UBUNTU-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6504
CVE-2017-6504 affects the qBittorrent WebUI prior to 3.3.11, where the application did not set the X-Frame-Options header, potentially enabling clickjacking. Public details in the provided documents confirm the vulnerable component (WebUI), the condition (before 3.3.11), and the impact (clickjack...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...