CVE-2013-3275

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilitie...

ESA-2013-055: EMC Avamar Multiple Vulnerabilities

ESA-2013-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-055: EMC Avamar Multiple Vulnerabilities EMC Identifier: ESA-2013-055 CVE Identifier: CVE-2013-3274, CVE-2013-3275 Severity Rating: See below for individual scores Affected products: All EMC Avamar Server and Avamar Virtual...

CVE-2013-3275

EMC Avamar Server and Avamar Virtual Edition prior to v7.0 on Data Store Gen3, Gen4, or Gen4s platforms are affected by cross frame scripting vulnerabilities (CVE-2013-3275). The web interface does not properly restrict FRAME elements, which can allow a crafted remote site to monitor input and ex...

CVE-2013-3275

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilitie...

CVE-2013-0939

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...

CVE-2013-0939

EMC Documentum CVE-2013-0939 affects Webtop, WDK, Taskspace, and Records Manager prior to 6.7 SP2. The issue is a Cross Frame Scripting vulnerability allowing remote attackers to obtain sensitive information via cross-origin frame navigation. Affected products include Webtop, WDK, Taskspace, and ...

CVE-2013-0939

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...

ESA-2013-021: EMC Documentum Multiple Vulnerabilities

ESA-2013-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Identifier: ESA-2013-021 CVE Identifier: CVE-2013-0937, CVE-2013-0938, CVE-2013-0939 Severity Rating: See below for individual scores Affected products: • EMC Documentum Webtop...

CVE-2012-3293

Cross-site scripting XSS vulnerability in the Administrative Console in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME...

CVE-2012-3293

CVE-2012-3293 is an XSS flaw in IBM WebSphere Application Server’s Administrative Console. It affects WAS versions 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allowing remote attackers to inject arbitrary script via FRAME/cross-frame contexts. IBM...

CVE-2012-2280

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...

CVE-2012-2280

The CVE-2012-2280 entry concerns a Cross frame scripting vulnerability in EMC RSA Authentication Manager 7.1 (before SP4 P14) and RSA SecurID Appliance 3.0 (before SP4 P14). The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors due to improper frame handlin...

Penetration Tester XSSer v1.0 - New Version Download

All of you web application penetration testers, check out this release of XSSer version 1.0! From this release, the author plans to rename XSSer to "The Mosquito". Our first post regarding XSSer can be found here. "XSSer is an open source penetration testing tool that automates the process of...

Internet Explorer Cross Frame Scripting Restriction Bypass (CVE-2004-2383)

Microsoft Internet Explorer, a web browser developed and maintained by Microsoft Corporation, is the most widely used Internet browser. There is a vulnerability in the way Internet Explorer handles interaction between frames within a web page. It is possible for a malicious server to bypass...

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

HACKATTACK Advisory 25012009ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...

ConPresso CMS 4.07 Session Fixation / XSS

HACKATTACK Advisory 25012009ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...

Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass

The remote host is running Oempro, a commercial list management and email marketing application written in PHP. The installed version of Oempro fails to sanitize user-supplied input to the 'FormValueEmail' parameter of the 'index.php' script before using it in a database query. An unauthenticated...

Fedora 9 : phpMyAdmin-2.11.8.1-1.fc9 (2008-6868)

This update solves PMASA-2008-6 phpMyAdmin security announcement from 2008-07-28: Cross-site Framing; XSS in setup.php; see http://www.phpmyadmin.net/homepage/security.php?issue=PMASA-2008-6 - interface Table list pagination in navi - profiling Profiling causes query to be executed again really...

CVE-2004-2383

Microsoft Internet Explorer 5.0–6.0 is identified as vulnerable to a Cross-Frame Scripting Restriction bypass (CVE-2004-2383). The issue arises when an HTML document with JavaScript outside a frameset that includes the target domain can cause the frameset to retain focus, enabling an attacker to ...

CVE-2004-2383

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain...