Lucene search

3800 matches found

Cisco
added 2013/09/12 9:16 p.m. | 15 views

Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability

A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

4.3 CVSS | 0.7 AI score | 0.01169 EPSS
Exploits 0 | References 1
Packet Storm
added 2013/09/03 12:0 a.m. | 39 views

Cetelem Online Bank Cross Site Scripting / Clickjacking

CETELEM ON LINE BANK Cross Site Scripting and DOM Based XSS / Clickjacking: X-Frame-Options header missin...

7.4 AI score
Exploits 0
Atlassian
added 2013/09/02 7:10 a.m. | 19 views

'self' xss reported in a question's moderate

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-47423. We have received an external report of a DOM XSS in the moderation code for a question on answers.atlassian.com...

0.8 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2013/09/02 7:10 a.m. | 24 views

'self' xss reported in a question's moderate

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47423. We have received an external report of a DOM XSS in the moderation code for a question on answers.atlassian.com...

0.8 AI score
Exploits 0 | Affected Software 1
0day.today
added 2013/08/30 12:0 a.m. | 19 views

Geonick Social Network Clickjacking / Credential Disclosure

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear. GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text...

7 AI score
Exploits 0
Packet Storm
added 2013/08/29 12:0 a.m. | 21 views

Geonick Social Network Clickjacking / Credential Disclosure

GEONICK SOCIAL-NETWORK Insecure crossdomain.xml file / Clickjacking: X-Frame-Options header missing / User credentials are sent in clear text. Time-Line Vulnerability: Multiple Advisories but NOT RESPONSE Then Full Disclosure. I-VULNERABILITY Title: GEONICK SOCIAL-NETWORK...

7.4 AI score
Exploits 0
Cisco
added 2013/08/28 3:55 p.m. | 43 views

Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability

A vulnerability in the captive portal application of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker or local, authenticated attacker to potentially gain access to the username and password of an authenticated session. The vulnerability is due to improper use of...

4.3 CVSS | 0.6 AI score | 0.01423 EPSS
Exploits 0 | References 1
Packet Storm
added 2013/08/28 12:0 a.m. | 29 views

Google Docs Information Disclosure

I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn't serious enough to be fixed. The problem is the page for requesting access to a private document. It does not have any protection against being framed, so you can make a...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/08/22 12:0 a.m. | 29 views

phpMyAdmin 3.5.x / 4.x < 4.0.5 'Header.class.php' Clickjacking Bypass (PMASA-2013-10)

According to its self-identified version number, the phpMyAdmin 3.5.x or 4.x install hosted on the remote web server is earlier than 4.0.5 and, therefore, contains a flaw where the 'Header.class.php' script does not properly sanitize input. This could allow attackers to bypass the application's...

4.3 CVSS | 7.1 AI score | 0.02276 EPSS
Exploits 1 | References 2
OSV
added 2013/08/19 11:55 p.m. | 3 views

DEBIAN-CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

4.3 CVSS | 6.8 AI score | 0.02276 EPSS
Exploits 1 | References 1
NVD
added 2013/08/19 11:55 p.m. | 15 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

4.3 CVSS | 6.4 AI score | 0.02276 EPSS
Exploits 1 | References 7
OSV
added 2013/08/19 11:55 p.m. | 6 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

6.4 AI score
Exploits 0 | References 10
UbuntuCve
added 2013/08/19 11:55 p.m. | 20 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

4.3 CVSS | 6.9 AI score | 0.02276 EPSS
Exploits 1 | References 1
CVE
added 2013/08/19 11:0 p.m. | 59 views

CVE-2013-5029

CVE-2013-5029 affects phpMyAdmin 3.5.x and 4.0.x, where clickjacking protection can be bypassed via certain vectors related to Header.class.php. The vulnerability is fixed in phpMyAdmin 4.0.5 and later; affected users should upgrade to 4.0.5+ (or newer) to remediate. Details come from the initial...

4.3 CVSS | 6 AI score | 0.02276 EPSS
Exploits 1 | References 7 | Affected Software 1
Debian CVE
added 2013/08/19 11:0 p.m. | 24 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

4.3 CVSS | 6.2 AI score | 0.02276 EPSS
Exploits 1
Cvelist
added 2013/08/19 11:0 p.m. | 22 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php...

6 AI score | 0.02276 EPSS
Exploits 1 | References 7
OPENSUSE Linux
added 2013/08/14 12:4 p.m. | 32 views

update for phpMyAdmin (important)

This version upgrade of phpMyAdmin fixed various security issues SQL injection, XSS, full path disclosure, Clickjacking...

4.3 CVSS | 3.2 AI score | 0.02276 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2013/08/09 12:0 a.m. | 15 views

Splunk < 5.0.4 X-FRAME-OPTIONS Clickjacking Vulnerability

According to its version number, the Splunk Web hosted on the remote web server is affected by a clickjacking vulnerability due to a failure to use the X-FRAME-OPTIONS header. This allows an attacker to embed elements such as links or buttons into frames on an externally hosted, attacker-controll...

5.6 AI score
Exploits 0 | References 2
Tenable Nessus
added 2013/08/05 12:0 a.m. | 17 views

FreeBSD : phpMyAdmin -- clickJacking protection can be bypassed (17326fd5-fcfb-11e2-9bb9-6805ca0b3d42)

The phpMyAdmin development team reports : phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed. 'We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't wan...

5.5 AI score
Exploits 0 | References 2
FreeBSD
added 2013/08/04 12:0 a.m. | 13 views

phpMyAdmin -- clickJacking protection can be bypassed

The phpMyAdmin development team reports: phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed. "We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want...

2.5 AI score
Exploits 0 | References 1