288 matches found
Multiple Cross-Site Scripting Vulnerabilities in Wordpress Plugin classbyte
ClassByte is a Wordpress plugin that allows the user to connect an instance of ClassByte to the user's WordPress site. Wordpress plugin classbyte has an xss vulnerability due to improper filtering of user input, which allows attackers to frame malicious web pages and trick users into parsing them...
Wordpress plugin content-glass-button has multiple cross-site scripting vulnerabilities
Content Glass is a social tool that allows website users to share widgets with peers-groups with page address fields or TLDs. The Wordpress plugin content-glass-button is vulnerable to an xss vulnerability due to improper filtering of user input, which allows attackers to frame malicious web page...
Cross-site scripting vulnerability in Wordpress plugin border-loading-bar
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. Wordpress plugin border-loading-bar has an xss vulnerability due to...
The vulnerability of the Apache ActiveMQ software platform allows attackers to deploy malicious elements on a page and force users to activate them.
The vulnerability of the Apache ActiveMQ software platform’s web console is related to errors in sending the X-Frame-Options HTTP header. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a website and force users to activate them through specially crafted web...
VK.com: CSRF в получении резервных токенов+framing , приводящие к компроментации 2fa
Отсутствие hash на вывод списка резервных кодов...
Chamilo LCMS Connect 4.1 Clickjacking
Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Clickjacking Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management...
PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)
No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...
Faceless: Tap Jacking Attack on Button Tags
UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...
Localize: ClickJacking
It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks . Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...
CVE-2012-4459
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service crash via a crafted message, which triggers an out-of-bounds read...
Out-of-bounds
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...
CVE-2012-4460
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...
PT-2013-1674 · Apache · Apache Qpid
Name of the Vulnerable Software and Affected Versions: Apache Qpid versions 0.20 and earlier Description: The issue affects the serializing/deserializing functions in the qpid::framing::Buffer class, allowing remote attackers to cause a denial of service through unspecified vectors, potentially...
SquirrelMail: Prone to clickjacking attacks
functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
DEBIAN-CVE-2011-3127
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Sites can change framed content on other sites – Opera Security Advisories
Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...
CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...
Cross site scripting
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...
CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...
DEBIAN-CVE-2008-3456
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...