Code injection

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2013-0518

IBM Sterling Secure Proxy is affected by CVE-2013-0518 (and related CVEs) where certain 3.2.0, 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 do not refuse rendering in third‑party frames, enabling clickjacking. Affected versions: SSP 3.2.0, 3....

CVE-2013-0518

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to fra...

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to...

UI Redressing (Clickjacking)

Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame confluence from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issu...

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to fra...

Script Execution flaw in Google drive poses security threat

Once again Google Security Team Shoot itself in the foot. Ansuman Samantaray, an Indian penetration tester discovered a small, but creative Security flaw in Google drive that poses phishing threat to million of Google users was ignored by Google Security team by replying that,"It is just a mare...

Hacking Google users with Google's GooPass phishing attack

Google Drive is the new home for Google Docs, that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information. Security research...

Hacking Google users with Google's GooPass phishing attack

Google Drive is the new home for Google Docs, that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information. Security research...

Mandriva Linux Security Advisory : samba (MDVSA-2013:011)

Multiple vulnerabilities has been found and corrected in samba swat : The Samba Web Administration Tool SWAT in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a 1 FRAME or 2 IFRAME element CVE-2013-0213. Cross-site...

Mega Bug Bounty Makes First Payouts

Week one of the Mega cloud storage service bug bounty is in the books and at least three payouts have been made. Controversial entrepreneur and MegaUpload founder Kim Dotcom made the challenge last week offering a €10,000 reward to anyone who could break the encryption protecting the service. Six...

ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities

ESA-2013-002.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-002 CVE Identifier: CVE-2012-2293, CVE-2012-2292, CVE-2012-1064, CVE-2012-2294 Severity Rating: See below for scores for individual issues Affected...

RSA Archer GRC multiple security vulnerabilities

Directory traversal, clickjacking, crossite access, crossite scripting...

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...

Code injection

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...

CVE-2012-2294

CVE-2012-2294 affects EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x earlier than 5.2SP1. The issue is a clickjacking vulnerability exposed via crafted web pages, allowing remote attackers to entice user actions in a legitimate session. The NVD entry lists a CVSSv2 base score of 6...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos,...

Samba < 3.5.21 / 3.6.12 / 4.0.2 SWAT Multiple Vulnerabilities

According to its banner, the version of Samba running on the remote host is 3.5.x prior to 3.5.21, 3.6.x prior to 3.6.12, or 4.x prior to 4.0.1. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Samba Web Administration Tool SWAT that allows a remot...