124 matches found
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...
Man-in-the-Middle (MitM)
nv-websocket-client is vulnerable to man-in-the-middle MitM attacks. The library accepts a trusted certificate issued to domain A when connecting to domain B, allowing a malicious user to conduct a man-in-the-middle attack...
CVE-2017-1000209
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...
Java WebSocket client nv-websocket-client Man-in-the-Middle Attack Vulnerability
Java WebSocket client nv-websocket-client is a set of open source Java-based WebSocker client implementation . A security vulnerability exists in Java WebSocket client nv-websocket-client, which stems from the program's failure to verify that the server hostname matches the domain name. An attack...