CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

CVE-2024-5016 WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

CVE-2024-5016

Progress WhatsUp Gold before 2023.1.3 is affected by an OnMessage deserialization vulnerability that allows remote code execution as SYSTEM. The issue occurs in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage (server) and NmDistributed.DistributedClient.OnM...

Denial Of Service (DoS)

nodebb is vulnerable to Denial Of Service. The vulnerability is due to the onMessage function in index.js as there is no validation when passing messages to the eventName.startsWith or eventName.toString methods, which can result in an application crash when the message contains an array or objec...

Cross site scripting in reveal.js

The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can execute...