Lucene search
+L

288 matches found

CNVD
CNVD
added 2016/10/26 12:0 a.m.2 views

Multiple Cross-Site Scripting Vulnerabilities in Wordpress Plugin classbyte

ClassByte is a Wordpress plugin that allows the user to connect an instance of ClassByte to the user's WordPress site. Wordpress plugin classbyte has an xss vulnerability due to improper filtering of user input, which allows attackers to frame malicious web pages and trick users into parsing them...

7.5AI score
Exploits0
CNVD
CNVD
added 2016/10/26 12:0 a.m.3 views

Wordpress plugin content-glass-button has multiple cross-site scripting vulnerabilities

Content Glass is a social tool that allows website users to share widgets with peers-groups with page address fields or TLDs. The Wordpress plugin content-glass-button is vulnerable to an xss vulnerability due to improper filtering of user input, which allows attackers to frame malicious web page...

7.5AI score
Exploits0
CNVD
CNVD
added 2016/10/26 12:0 a.m.4 views

Cross-site scripting vulnerability in Wordpress plugin border-loading-bar

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. Wordpress plugin border-loading-bar has an xss vulnerability due to...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/04/25 12:0 a.m.8 views

The vulnerability of the Apache ActiveMQ software platform allows attackers to deploy malicious elements on a page and force users to activate them.

The vulnerability of the Apache ActiveMQ software platform’s web console is related to errors in sending the X-Frame-Options HTTP header. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a website and force users to activate them through specially crafted web...

4.3CVSS6.7AI score0.08323EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2015/09/23 1:43 p.m.32 views

VK.com: CSRF в получении резервных токенов+framing , приводящие к компроментации 2fa

Отсутствие hash на вывод списка резервных кодов...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2015/03/27 12:0 a.m.24 views

Chamilo LCMS Connect 4.1 Clickjacking

Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Clickjacking Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)

No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/06/27 12:30 p.m.43 views

Faceless: Tap Jacking Attack on Button Tags

UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...

1.7AI score
Exploits0
Hacker One
Hacker One
added 2014/04/17 6:17 p.m.29 views

Localize: ClickJacking

It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks . Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...

3.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2013/03/14 3:10 a.m.23 views

CVE-2012-4459

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service crash via a crafted message, which triggers an out-of-bounds read...

5CVSS6AI score0.09212EPSS
Exploits0References3
Prion
Prion
added 2013/03/14 3:10 a.m.21 views

Out-of-bounds

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...

5CVSS7.2AI score0.03184EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/03/12 3:0 p.m.25 views

CVE-2012-4460

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...

6.7AI score0.03184EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2013/03/12 12:0 a.m.6 views

PT-2013-1674 · Apache · Apache Qpid

Name of the Vulnerable Software and Affected Versions: Apache Qpid versions 0.20 and earlier Description: The issue affects the serializing/deserializing functions in the qpid::framing::Buffer class, allowing remote attackers to cause a denial of service through unspecified vectors, potentially...

5CVSS6.5AI score0.03184EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2012/02/08 7:45 p.m.8 views

SquirrelMail: Prone to clickjacking attacks

functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

4.3CVSS5.8AI score0.01807EPSS
Exploits1References4
OSV
OSV
added 2011/08/10 9:55 p.m.6 views

DEBIAN-CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

5.8CVSS6.3AI score0.01525EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.10 views

Sites can change framed content on other sites – Opera Security Advisories

Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...

5.7AI score
Exploits0References1
NVD
NVD
added 2008/08/04 7:41 p.m.31 views

CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

6.4CVSS6.2AI score0.02388EPSS
Exploits2References13
Prion
Prion
added 2008/08/04 7:41 p.m.19 views

Cross site scripting

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

6.4CVSS6.4AI score0.02388EPSS
Exploits2References13Affected Software1
UbuntuCve
UbuntuCve
added 2008/08/04 7:41 p.m.33 views

CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

6.4CVSS5.9AI score0.02388EPSS
Exploits2References1
OSV
OSV
added 2008/08/04 7:41 p.m.2 views

DEBIAN-CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

6.4CVSS6.7AI score0.02388EPSS
Exploits2References1
Rows per page
Query Builder