5118 matches found
Design/Logic Flaw
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...
autabuy.com IFRAME Injection vulnerability
Vulnerable URL: http://www.autabuy.com/linkout/?goto=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:42 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 522586 VIP...
Dashbuilder: Lack of clickjacking protection on the login page
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
UBUNTU-CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
CVE-2017-5407
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...
teamgear.us IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-217086 Description| Value ---|--- Affected Website:| teamgear.us Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
gotalk.ru IFRAME Injection vulnerability
Vulnerable URL: http://www.gotalk.ru/demo?url=openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2826351 VIP website status:| No Check gotalk.ru SSL...
voyeursexvideos.com IFRAME Injection vulnerability
Vulnerable URL: http://www.voyeursexvideos.com/search.php?sq=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 47584 VIP website status:| Yes Check...
adoption.com IFRAME Injection vulnerability
Vulnerable URL: https://adoption.com/searchadoption?q=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 113299 VIP website status:| No Coordinated Disclosure...
cityoflondon.gov.uk IFRAME Injection vulnerability
Vulnerable URL: https://www.cityoflondon.gov.uk/search/results.aspx?k=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 104340 VIP websit...
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if...
Apple WebKit Pop-Up Blocker Bypass Exploit
AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe. Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe. CVE-2017-2371 The second argument of window.open is a name for the new window. If there's a frame that has same name, it will t...
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if !firstWindow.allowPopUp tree.findframeName return nullptr;...
Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe (CVE-2017-2371)
The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail. Here's some snippets. RefPtr...
loopsuae.com IFRAME Injection vulnerability
Vulnerable URL: http://loopsuae.com/searchresults.php?action=dosearch="' XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 11554439 VIP website status:| No Check...
usa-fund.com IFRAME Injection vulnerability
Vulnerable URL: http://www.usa-fund.com/controlpanel/index.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.08.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
theecologist.org IFRAME Injection vulnerability
Vulnerable URL: http://www.theecologist.org/search.php?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:34 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 197358 VIP website status:| No...