108 matches found
The vulnerability of microprogrammed software for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...
RFC 6169 安全漏洞
RFC 6169 is a network protocol open-sourced by RFC. A security vulnerability exists in RFC 6169 that stems from not verifying or validating the origin of network packets. An attacker exploiting this vulnerability could spoof traffic and bypass access control...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
Cross-Site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-Site Request Forgery CSRF via the delete parameter, due to insufficient verification of the origin of HTTP requests. Remediation Upgrade mediawiki/cargo to version 3.7 or higher. References - Gerrit Mediawiki - Wikimedia Phabricat...
Authentication Bypass
GateOne is vulnerable to Authentication Bypass. The vulnerability is due to a flaw in the origin verification mechanism, allowing attackers to bypass the origins list check and connect to Gate One instances from unauthorized hosts...
PT-2024-13012 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability exists that allows attackers to download and execute code from a remote location without properly verifying its origin and integrity. This can enable attackers to...
PT-2024-22622 · Unknown · Io-1020 Micro Eld
Name of the Vulnerable Software and Affected Versions: IO-1020 Micro ELD affected versions not specified Description: The issue concerns the execution of code without sufficient verification of its origin or integrity. This could potentially lead to the execution of malicious code, posing a...
Tenda AC15 跨站请求伪造漏洞
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps 600Mbps in 2.4GHz band and 1300Mbps in 5GHz band. The Tenda AC15 suffers from a cross-site request forgery...
The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform is related to the lack of origin verification in WebSockets, resulting from an incorrect restriction on the communication channel. Exploitin...
CVE-2024-24782
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...
CVE-2024-24782
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...
CVE-2024-24782
CVE-2024-24782 describes an access control/origin verification error that allows an unauthenticated attacker to send a ping between isolated networks (across VLAN-segregated ports). Affected products in the connected data include HIMA Paul Hildebrandt F Series and X Series, with the underlying is...
CVE-2024-24782 HIMA: Origin Validation Error in multiple products
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...
PT-2024-20559 · Hima · F-Com 01 +19
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification, even though the ports are...
JetBrains TeamCity Cross-Site Request Forgery Vulnerability (CNVD-2025-2049443)
JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site request forgery vulnerability that stems from not adequately verifying that a request is from a trusted...
Cross site scripting
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting XSS vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...
Apache Traffic Server 8.x < 8.1.3 Improper Authentication
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. Note that Nessus did not actually test for these issues, but instead has relied on the version found in the server's banner. %NASLMINLEVEL 80900 C Tenable, Inc...
SUSE CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
Debian DSA-5153-1 : trafficserver - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5153 advisory. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM...
PT-2022-17785 · Mendix · Mendix Applications
Name of the Vulnerable Software and Affected Versions: Mendix Applications versions prior to 7.23.29 Description: A vulnerability has been identified in Mendix Applications. The affected framework does not correctly verify if the request was initially made by the user requesting the result when...