50 matches found
EUVD-2024-0618
Malicious code in bioql PyPI...
EUVD-2024-0724
Malicious code in bioql PyPI...
EUVD-2024-0450
Malicious code in bioql PyPI...
CVE-2024-26135
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2023-51837
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation...
CVE-2023-51842
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16...
CVE-2023-51838
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm...
Cross-site Websocket Hijacking (CSWSH)
MeshCentral is vulnerable to Cross-site Websocket Hijacking (CSWSH). The vulnerability is due to missing origin checks when using the control.ashx endpoint in MeshCentral. If an attacker can convince an admin end-user to click on a malicious link, they then can access the control.ashx admin panel...
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
We have identified a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...
GHSA-CP68-QRHR-G9H8 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
We have identified a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...
CVE-2024-26135
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
Cross site scripting
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
CVE-2024-26135
Vulnerability summary (CVE-2024-26135): MeshCentral versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability in the control.ashx endpoint. An attacker can lure a victim/admin to a malicious page and originate a cross-site websocket connection to control.ashx, enabling ...
CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
MeshCentral is a full computer management web site. Versions prior to 1.1.21 have a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...
PT-2024-1978 · Unknown · Meshcentral
Name of the Vulnerable Software and Affected Versions: MeshCentral versions prior to 1.1.21. Description: The issue is a cross-site websocket hijacking (CSWSH) vulnerability within the "control.ashx" endpoint, which is the primary mechanism used to perform administrative actions on the server. This...
MeshCentral Security Vulnerability
MeshCentral is a complete web-based remote monitoring and management site for the MeshCentral community. A security vulnerability exists in MeshCentral versions prior to 1.1.21 that stems from the presence of a cross-site websocket hijacking vulnerability...
Insecure Cryptographic Algorithm
Ylianst MeshCentral is vulnerable to the use of an Insecure Cryptographic Algorithm. The vulnerability is due to the usage of the HMAC-MD5 algorithm, which allows an attacker to brute force the encrypted content...
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm...