123 matches found
CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)"...
MS13-084: Description of the security update for Excel Web App: October 8, 2013
Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...
MS13-084: Description of the security update for Word Automation Services in SharePoint Server 2010: October 8, 2013
Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...
MS13-084: Description of the security update for Excel Services in Microsoft SharePoint Server 2010: October 8, 2013
This security update addresses the vulnerabilities by correcting how affected Microsoft software validates data when parsing specially crafted Office files and by changing configuration of SharePoint pages to help provide additional protection against clickjacking attacks. INTRODUCTION Microsoft ha...
Code injection
The access policy logon page logon.inc in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 (Windows)
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnoct12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 Windows Authors: Arun Kallavi Copyright:...
Oracle Linux 5 : squirrelmail (ELSA-2012-0103)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2012-0103 advisory. - patch for CVE-2010-2813 was not complete - fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in Mail Fetch plugin - fix: CVE-2010-28...
Mozilla Seamonkey Multiple Vulnerabilities (Oct 2012) - Windows
Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-4609
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Cross site request forgery (csrf)
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...
Code injection
The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element...
CVE-2012-5354
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.ope...
Debian DSA-2291-1 : squirrelmail - various vulnerabilities
Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote...
Fedora 15 : squirrelmail-1.4.22-2.fc15 (2011-9311)
fixes : - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user...
Enable X-FRAME-Options header to implement clickjacking protection
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-25143. TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current...
Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft
Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft Microsoft security researchers have identified critical vulnerabilities in Facebook and Google Picasa which led to account compromise and arbitrary code execution. The bug in Picasa that the MVR team found could allow an...
MediaWiki < 1.16.1 'Frames Processing Clickjacking' Information Disclosure Vulnerability
MediaWiki is prone to a clickjacking information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Opera < 11.01 Multiple Vulnerabilities
Binary data 800855.prm...
Opera < 11.01 Multiple Vulnerabilities
Binary data 5747.prm...
Adobe Flash Player/Air Multiple Vulnerabilities (Dec 2009) - Windows
Adobe Flash Player/Air is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...