
CNVD, added 2015/10/30 12:00 a.m.

Red Hat Enterprise Application Platform Clickjacking Attack Vulnerability

Red Hat Enterprise Application Platform is an open-source, J2EE-based middleware platform from Red Hat, Inc. (United States), used mainly to build, deploy and host Java applications and services. A clickjacking attack vulnerability exists in Red Hat Enterprise Application...

CVSS 4.3 | AI score 6.7 | EPSS 0.01743
Exploits: 0 | References: 1
RedHat Linux, added 2015/10/15 3:58 p.m.

AS/WildFly: missing X-Frame-Options header leading to clickjacking

It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 4.3 | AI score 5.9 | EPSS 0.01743
Exploits: 0 | References: 4
RedHat Linux, added 2015/10/15 3:40 p.m.

AS/WildFly: missing X-Frame-Options header leading to clickjacking

It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 4.3 | AI score 5.9 | EPSS 0.01743
Exploits: 0 | References: 4
RedHat Linux, added 2015/10/15 3:40 p.m.

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...

CVSS 6.8 | AI score 7.3 | EPSS 0.02978
Exploits: 0 | References: 18
RedHat Linux, added 2015/10/15 3:28 p.m.

AS/WildFly: missing X-Frame-Options header leading to clickjacking

It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 4.3 | AI score 5.9 | EPSS 0.01743
Exploits: 0 | References: 4
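The "missing X-Frame-Options header leading to clickjacking" records above all describe one failure mode: the console response carries no anti-framing header, so a page on any origin can load it in an IFRAME and overlay it. The check below is an added example, not code from Red Hat, WildFly or any of the listed feeds. It applies the precedence rules browsers use (an enforced CSP frame-ancestors directive is authoritative; otherwise X-Frame-Options is evaluated the way the WHATWG HTML spec does) to constructed response header sets; the console origin and every header set are assumptions.

```python
"""Decide from response headers whether a page can be framed cross-origin.

Added example for the "missing X-Frame-Options header leading to clickjacking"
records above; it is not code from Red Hat, WildFly or the vulnerability feeds.
All header sets below are constructed, not captured from any real server.
"""
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse


@dataclass
class FramingVerdict:
    frameable: bool   # True: a page on another origin can load this response in an <iframe>
    source: str       # header that decided the verdict
    detail: str


def parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: sources}.

    Directive names are case-insensitive and, per CSP, only the first
    occurrence of a directive is honoured; later duplicates are ignored.
    """
    directives: Dict[str, List[str]] = {}
    for token in csp.split(";"):
        parts = token.split()
        if parts and parts[0].lower() not in directives:
            directives[parts[0].lower()] = parts[1:]
    return directives


def frame_ancestors_allows_foreign(sources: List[str], own_origin: str) -> bool:
    """True if a frame-ancestors source list admits any origin other than own_origin.

    An empty list, 'none' and 'self' admit nothing foreign; '*', bare schemes
    and any host that is not exactly our own (including *.wildcards) do.
    """
    own_host = urlparse(own_origin).hostname
    for src in sources:
        s = src.strip("'").lower()
        if s in ("none", "self"):
            continue
        if s in ("*", "http:", "https:"):
            return True
        host = urlparse(s if "://" in s else "https://" + s).hostname
        if host != own_host:          # a wildcard host never equals a concrete hostname
            return True
    return False


def assess_framing(headers: Dict[str, str], own_origin: str) -> FramingVerdict:
    """Apply the browser precedence rules to one response's headers.

    1. An enforced CSP with frame-ancestors is authoritative; X-Frame-Options
       is then ignored (Content-Security-Policy-Report-Only blocks nothing).
    2. Otherwise X-Frame-Options is evaluated as the WHATWG HTML spec does:
       DENY and SAMEORIGIN block; ALLOW-FROM or any other token is ignored
       (frameable); several distinct values fail closed only if one of them is
       DENY, SAMEORIGIN or ALLOWALL.
    3. No header at all means any origin may frame the page.
    """
    h = {k.lower(): v for k, v in headers.items()}
    directives = parse_csp(h.get("content-security-policy", ""))
    if "frame-ancestors" in directives:
        srcs = directives["frame-ancestors"]
        return FramingVerdict(frame_ancestors_allows_foreign(srcs, own_origin),
                              "Content-Security-Policy", "frame-ancestors " + " ".join(srcs))
    if "x-frame-options" not in h:
        return FramingVerdict(True, "none", "neither X-Frame-Options nor CSP frame-ancestors set")
    values = {v.strip().lower() for v in h["x-frame-options"].split(",") if v.strip()}
    if len(values) > 1:
        strict = bool(values & {"deny", "sameorigin", "allowall"})
        return FramingVerdict(not strict, "X-Frame-Options", f"conflicting values {sorted(values)}")
    value = values.pop() if values else ""
    if value in ("deny", "sameorigin"):
        return FramingVerdict(False, "X-Frame-Options", value.upper())
    return FramingVerdict(True, "X-Frame-Options", f"unrecognised value {value!r} is ignored by browsers")


OWN_ORIGIN = "https://console.example.com"   # hypothetical management-console origin

# Constructed header sets. "no_header" is the shape of the finding above.
SAMPLES = {
    "no_header":     {"Content-Type": "text/html"},
    "sameorigin":    {"X-Frame-Options": "SAMEORIGIN"},
    "csp_overrides": {"X-Frame-Options": "ALLOWALL",
                      "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_wildcard":  {"Content-Security-Policy": "frame-ancestors 'self' https://*.example.com"},
    "allow_from":    {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "conflict":      {"X-Frame-Options": "DENY, SAMEORIGIN"},
}


def frameable_samples() -> Dict[str, bool]:
    """Verdict for every constructed sample, keyed by sample name."""
    return {name: assess_framing(hdrs, OWN_ORIGIN).frameable for name, hdrs in SAMPLES.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        v = assess_framing(hdrs, OWN_ORIGIN)
        print(f"{name:14s} frameable={v.frameable!s:5s} via {v.source}: {v.detail}")
```

The two cases worth remembering when triaging a finding like the ones above: `ALLOW-FROM` is obsolete and gives no protection in current browsers, and a `frame-ancestors` list that includes a `*.`-wildcard host admits every subdomain, so a single XSS anywhere under that wildcard reopens the clickjacking path.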
Debian CVE, added 2015/10/12 1:00 a.m.

CVE-2015-1303

Removed by vendor...

CVSS 7.5 | AI score 9.4 | EPSS 0.01729
Exploits: 1
RedHat Linux, added 2015/09/29 9:55 a.m.

chromium-browser: Cross-origin bypass in DOM

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...

CVSS 7.5 | AI score 7.4 | EPSS 0.01729
Exploits: 1 | References: 5
OSV, added 2015/09/29 12:00 a.m.

UBUNTU-CVE-2015-1303

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...

CVSS 7.5 | AI score 7.3 | EPSS 0.01729
Exploits: 1 | References: 3
Packet Storm, added 2015/09/26 12:00 a.m.

X2Engine 4.2 Cross Site Request Forgery

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS 6.8 | AI score 0.7 | EPSS 0.02756
Exploits: 4
exploitpack, added 2015/09/25 12:00 a.m.

X2Engine 4.2 - Cross-Site Request Forgery

X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...

CVSS 6.8 | AI score 0.9 | EPSS 0.02756
Exploits: 4
Openbugbounty, added 2015/09/20 9:22 a.m.

hedgeconnection.com IFRAME Injection vulnerability

Vulnerable URL: http://www.hedgeconnection.com/atlas/jump.php?url=http://xssposed.org/ Details: Patched: Yes, at 23.11.2017; Latest check for patch: 23.11.2017 08:10 GMT; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 1621899...

AI score 7.3
Exploits: 0
RedhatCVE, added 2015/09/18 2:34 a.m.

CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html...

CVSS 6.1 | AI score 5.9 | EPSS 0.00662
Exploits: 0 | References: 1
0day.today, added 2015/09/09 12:00 a.m.

Auto-Exchanger 5.1.0 - CSRF Vulnerability

Exploit for php platform in category web applications INPUT type='h...

CVSS 6.8 | AI score 0.2 | EPSS 0.01982
Exploits: 5
Exploit DB, added 2015/09/09 12:00 a.m.

Auto-Exchanger 5.1.0 - Cross-Site Request Forgery

INPUT type='hidden' maxLength=60 size=30 name="mail" id="mail" value="vi...

CVSS 6.8 | AI score 7 | EPSS 0.01982
Exploits: 5
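The X2Engine and Auto-Exchanger records above share the same root cause: a state-changing form post is accepted with nothing but the victim's session cookie, so a hidden-input form on an attacker's page (the shape of the PoC snippets quoted) can submit it from the victim's browser. The check below is an added example, not code from either product, showing the two defences a reviewer would look for: a synchronizer token bound to the session and an Origin/Referer check. The application origin, secret key, session ids and request dicts are all constructed assumptions.

```python
"""Synchronizer-token plus origin CSRF check for a state-changing form post.

Added example for the X2Engine and Auto-Exchanger CSRF records on this page;
it is not code from either product. Requests below are constructed dicts.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlparse

SECRET_KEY = secrets.token_bytes(32)   # per-deployment secret; generated here for the demo
SITE_ORIGIN = "https://crm.example"    # hypothetical application origin


def issue_token(session_id: str) -> str:
    """Derive the CSRF token for a session as HMAC-SHA256(secret, session id).

    Binding the token to the session means a token the attacker reads from
    their own session is useless against the victim's.
    """
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _source_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin header first, the Referer's origin as fallback, None if neither."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("origin") and h["origin"] != "null":
        return h["origin"]
    ref = h.get("referer")
    if ref:
        p = urlparse(ref)
        if p.scheme and p.netloc:
            return f"{p.scheme}://{p.netloc}"
    return None


def csrf_check(request: Dict) -> str:
    """Return 'ok' or a rejection reason for a request carrying form fields.

    request = {"method", "headers", "cookies": {"sid"}, "form": {...}}.
    Safe methods are not checked. For the rest, a cross-origin Origin/Referer
    is rejected outright, and the submitted token must equal the session's
    token (constant-time compare), so a request with no origin information
    at all is still stopped unless it carries the right token.
    """
    if request["method"].upper() in ("GET", "HEAD", "OPTIONS"):
        return "ok"
    sid = request.get("cookies", {}).get("sid")
    if not sid:
        return "no session"
    origin = _source_origin(request.get("headers", {}))
    if origin is not None and origin != SITE_ORIGIN:
        return f"cross-origin request from {origin}"
    submitted = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), issue_token(sid).encode()):
        return "missing or wrong csrf token"
    return "ok"


VICTIM_SID = "c0ffee"   # constructed session cookie value

# Constructed requests. FORGED mirrors the PoC shape: the victim's browser posts
# an attacker-supplied hidden-input form, cookie attached, with no token.
FORGED = {"method": "POST",
          "headers": {"Origin": "https://attacker.example",
                      "Referer": "https://attacker.example/poc.html"},
          "cookies": {"sid": VICTIM_SID},
          "form": {"mail": "attacker@example"}}
# Same forgery from a client that sent neither Origin nor Referer, carrying a
# token the attacker minted for their own session: only the token check can stop it.
FORGED_NO_ORIGIN = {"method": "POST", "headers": {}, "cookies": {"sid": VICTIM_SID},
                    "form": {"mail": "attacker@example", "csrf_token": issue_token("attacker-sid")}}
LEGIT = {"method": "POST", "headers": {"Origin": SITE_ORIGIN}, "cookies": {"sid": VICTIM_SID},
         "form": {"mail": "victim@example", "csrf_token": issue_token(VICTIM_SID)}}


def run_samples() -> Dict[str, str]:
    """Verdict for each constructed request, keyed by name."""
    return {"forged": csrf_check(FORGED),
            "forged_no_origin": csrf_check(FORGED_NO_ORIGIN),
            "legit": csrf_check(LEGIT)}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:17s} -> {verdict}")
```

The origin check alone is not sufficient, which is why the token is compared even when Origin and Referer match or are absent; and the token is compared with `hmac.compare_digest` rather than `==` so a wrong guess leaks no timing information about the correct value.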
Tenable Nessus, added 2015/09/09 12:00 a.m.

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2735-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2735-1 advisory. It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted...

CVSS 8.8 | AI score 8.7 | EPSS 0.02568
Exploits: 2 | References: 9
OSV, added 2015/09/08 8:53 p.m.

USN-2735-1 oxide-qt vulnerabilities

It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...

CVSS 8.8 | AI score 7.5 | EPSS 0.02568
Exploits: 2 | References: 10
Openbugbounty, added 2015/09/07 9:28 a.m.

justdial.com XSS vulnerability

Vulnerable URL: http://www.justdial.com/Pune%22%3E%3Ciframe/onload=alert%28/XSSPOSED/%29%3E/rk Details: Patched: Yes, at 03.07.2017; Latest check for patch: 03.07.2017 09:09 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 470 Google...

AI score 6.3
Exploits: 0
CNVD, added 2015/09/06 12:00 a.m.

Google Chrome Blink Information Disclosure Vulnerability (CNVD-2015-05857)

Google Chrome is a web browser. A security vulnerability in the FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Google Chrome Blink allows remote attackers to construct a malicious web page and trick users into loading it, which can be...

CVSS 5 | AI score 8.7 | EPSS 0.01747
Exploits: 0 | References: 1
Prion, added 2015/09/03 10:59 p.m.

Session fixation

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...

CVSS 5 | AI score 6 | EPSS 0.01747
Exploits: 0 | References: 10 | Affected software: 1
Cvelist, added 2015/09/03 10:00 p.m.

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

AI score 8.3 | EPSS 0.01714
Exploits: 0 | References: 9