
301 matches found

Prion
added 2019/09/04 2:15 p.m. · 25 views

Cross site scripting

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

CVSS 4.3 · AI score 6.5 · EPSS 0.01099
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2019/09/04 1:40 p.m. · 80 views

CVE-2019-13209

CVE-2019-13209 affects Rancher Server 2.x up to 2.2.4, vulnerable to Cross-Site Websocket Hijacking (CSWSH). The attack requires a logged-in Rancher user to visit a third-party site hosted by the attacker; the attacker can then issue commands against the cluster’s Kubernetes API using the victim’...

CVSS 6.1 · AI score 6.5 · EPSS 0.01099
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/09/04 1:40 p.m. · 21 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

AI score 6.5 · EPSS 0.01099
Exploits: 0 · References: 2

OSV
added 2019/07/30 8:47 p.m. · 18 views

GHSA-J3JP-GVR5-7HWQ python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability. Impact: This is a Cross-Site Request Forgery (CSRF) vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches: python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

CVSS 8.8 · AI score 8.8 · EPSS 0.00828
Exploits: 0 · References: 6

Veracode
added 2019/07/16 7:27 a.m. · 12 views

Cross-Site WebSocket Hijacking (CSWSH)

python-engineio is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). A lack of validation in the Origin header in the websocket connection request allows a remote attacker to hijack a websocket connection by exploiting the vulnerability similar to how a cross-site request forgery vulnerability ...

CVSS 8.8 · AI score 8.3 · EPSS 0.00828
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/07/16 12:15 a.m. · 2 views

DEBIAN-CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 8.8 · AI score 8.3 · EPSS 0.00828
Exploits: 0 · References: 1

OSV
added 2019/07/16 12:15 a.m. · 17 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 8.8 · AI score 8.5
Exploits: 0 · References: 1

NVD
added 2019/07/16 12:15 a.m. · 12 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 8.8 · AI score 8.6 · EPSS 0.00828
Exploits: 0 · References: 1

Prion
added 2019/07/16 12:15 a.m. · 10 views

Cross site scripting

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 6.8 · AI score 8.4 · EPSS 0.00828
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/07/16 12:15 a.m. · 22 views

PYSEC-2019-170

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 8.8 · AI score 4.2 · EPSS 0.00828
Exploits: 0 · References: 2

OSV
added 2019/07/16 12:15 a.m. · 2 views

UBUNTU-CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

CVSS 8.8 · AI score 6.9 · EPSS 0.00828
Exploits: 0 · References: 3

CVE
added 2019/07/15 11:17 p.m. · 211 views

CVE-2019-13611

CVE-2019-13611 affects python-engineio up to version 3.8.2, enabling Cross-Site WebSocket Hijacking (CSWSH) where an attacker can open WebSocket connections using a victim’s credentials due to unrestricted Origin header. NVD lists CVSSv3 base score 8.8 (HIGH) with NETWORK attack vector, requires ...

CVSS 8.8 · AI score 8.4 · EPSS 0.00828
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/07/15 11:17 p.m. · 25 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

AI score 8.6 · EPSS 0.00828
Exploits: 0 · References: 1

Positive Technologies
added 2019/07/15 12:00 a.m. · 9 views

PT-2019-4805 · Python · Python-Engineio

Name of the Vulnerable Software and Affected Versions: python-engineio versions 3.8.2 and earlier. Description: The issue is related to a Cross-Site WebSocket Hijacking (CSWSH) vulnerability, also referred to as a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability allows attackers to...

CVSS 9.8 · AI score 6.7 · EPSS 0.64284
Exploits: 7 · References: 161

Hacker One
added 2019/04/11 9:12 a.m. · 124 views

Coda: Lack or Origin check leads to Cross-Site Websocket Hijacking (CSWSH)

Summary: @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacker could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of Websockets not being secure by default. Although a...

AI score 0.3
Exploits: 0

exploitpack
added 2018/10/08 12:00 a.m. · 42 views

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Author: Gjoko 'LiquidWorm' Krstic
Date: 2018-10-06
Vendor: FLIR Systems, Inc.
Link: https://www.flir.com
Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...

AI score 7.2
Exploits: 0

Zero Science Lab
added 2018/10/06 12:00 a.m. · 2139 views

FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation

Summary: FLIR TrafiOne is an all-round detection sensor for traffic monitoring and dynamic traffic signal control. Offered in a compact and affordable package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to adapt traffic signals based on the presence detection of vehicles, bicycles...

CVSS 9.3 · AI score 5.7 · EPSS 0.00283
Exploits: 1

myhack58
added 2017/05/03 12:00 a.m. · 40 views

WebSocket vulnerability and protection details-vulnerability warning-the black bar safety net

Socket description: A socket is an endpoint of a network communication. A socket always has two parts: an IP address and a port. For example, when you visit www.myhack58.com, your computer and the website server communicate using sockets (endpoints). The website endpoint will be:...

AI score 7.1
Exploits: 0

Hacker One
added 2017/03/07 7:55 a.m. · 56 views

Legal Robot: Cross Site WebSocket Hijacking

Description: The given URL fails to validate the Origin header, leading to Cross-Site WebSocket Hijacking. Impact: The impact, however, depends on how the server is configured. For example, it might require an authentication token which is user specific. In such cases, it might not be as severe as it...

AI score 0.4
Exploits: 0

myhack58
added 2016/05/11 12:00 a.m. · 879 views

In-depth understanding of cross-site WebSocket hijacking vulnerability principle and prevention-vulnerability and early warning-the black bar safety net

Preamble: WebSocket, as one of the new HTML5 features, has attracted extra attention from developers, because it makes Socket support possible on the client (mainly the browser), so that between the client and the server it provides, based on a single TCP connection, a...

AI score 7.4
Exploits: 0