Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no ...
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the setti...
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe...
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any c...
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only ...
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without th...