search for: xsrf

Displaying 3 results from an estimated 3 matches for "xsrf".

2013 Jan 30
0
[Announce] Samba 4.0.2, 3.6.12 and 3.5.21 Security Releases Available for Download
Release Announcements
---------------------
Samba 4.0.2, 3.6.12 and 3.5.21 have been issued as security releases in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).

o CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick...
2013 Jan 30
0
[Announce] Samba 4.0.2, 3.6.12 and 3.5.21 Security Releases Available for Download
Release Announcements
---------------------
Samba 4.0.2, 3.6.12 and 3.5.21 have been issued as security releases in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).

o CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into a malicious web page via a frame or iframe and then overlaid by other content, an attacker could trick...
2013 Nov 28
74
Remove :js responder
https://github.com/rails/rails/issues/12374#issuecomment-29446761 Here in the discussion I proposed to deprecate the JS responder because this technique is insecure and not a pragmatic way to transfer data. It can be exploited in this way: http://homakov.blogspot.com/2013/05/do-not-use-rjs-like-techniques.html I find this bug very often, so I know what I'm talking about. With it attacker can