Red Hat Enterprise Application Platform Clickjacking Attack Vulnerability
Red Hat Enterprise Application Platform is an open source, J2EE-based middleware platform from Red Hat, Inc. (United States), used mainly to build, deploy and host Java applications and services. A clickjacking attack vulnerability exists in Red Hat Enterprise Application...
AS/WildFly: missing X-Frame-Options header leading to clickjacking
It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...
CVE-2015-1303
Removed by vendor...
chromium-browser: Cross-origin bypass in DOM
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...
UBUNTU-CVE-2015-1303
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...
X2Engine 4.2 Cross Site Request Forgery
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...
hedgeconnection.com IFRAME Injection vulnerability
Vulnerable URL: http://www.hedgeconnection.com/atlas/jump.php?url=http://xssposed.org/
Details:
| Description | Value |
|---|---|
| Patched: | Yes, at 23.11.2017 |
| Latest check for patch: | 23.11.2017 08:10 GMT |
| Vulnerability type: | IFRAME Injection |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 1621899... |
CVE-2014-3656
JBoss KeyCloak: XSS in login-status-iframe.html...
Auto-Exchanger 5.1.0 - CSRF Vulnerability
Exploit for php platform in category web applications INPUT type='h...
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
INPUT type='hidden' maxLength=60 size=30 name="mail" id="mail" value="vi...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2735-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2735-1 advisory. It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted...
USN-2735-1 oxide-qt vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...
justdial.com XSS vulnerability
Vulnerable URL: http://www.justdial.com/Pune%22%3E%3Ciframe/onload=alert%28/XSSPOSED/%29%3E/rk
Details:
| Description | Value |
|---|---|
| Patched: | Yes, at 03.07.2017 |
| Latest check for patch: | 03.07.2017 09:09 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 470 Google... |
Google Chrome Blink Information Disclosure Vulnerability (CNVD-2015-05857)
Google Chrome is a web browser. A security vulnerability in the FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Google Chrome Blink allows remote attackers to construct a malicious web page and trick users into parsing it, which can be...
Session fixation
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...