Lucene search
K

124 matches found

Exploit DB
Exploit DB
added 2018/05/16 12:0 a.m.64 views

Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution

''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...

9CVSS8.8AI score0.10889EPSS
Exploits5
Veracode
Veracode
added 2017/11/17 10:21 a.m.15 views

Man-in-the-Middle (MitM)

nv-websocket-client is vulnerable to man-in-the-middle MitM attacks. The library accepts a trusted certificate issued to domain A when connecting to domain B, allowing a malicious user to conduct a man-in-the-middle attack...

5.9CVSS5.6AI score0.0066EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/11/17 2:29 a.m.21 views

CVE-2017-1000209

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...

5.9CVSS5.6AI score0.0066EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/20 12:0 a.m.0 views

Java WebSocket client nv-websocket-client Man-in-the-Middle Attack Vulnerability

Java WebSocket client nv-websocket-client is a set of open source Java-based WebSocker client implementation . A security vulnerability exists in Java WebSocket client nv-websocket-client, which stems from the program's failure to verify that the server hostname matches the domain name. An attack...

5.9CVSS6.8AI score0.0066EPSS
Exploits0References1
Rows per page
Query Builder