Lucene search
K

136 matches found

Prion
Prion
added 2023/08/04 3:15 p.m.24 views

Cross site scripting

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

6.8CVSS8.5AI score0.00894EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/07/05 8:15 p.m.4 views

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

7.2CVSS5.9AI score0.0137EPSS
Exploits1References2
Prion
Prion
added 2023/06/13 9:15 p.m.22 views

Design/Logic Flaw

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.3CVSS5.6AI score0.00384EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2023/04/14 2:15 p.m.32 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.5CVSS6.5AI score0.00717EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.4 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.5CVSS5.8AI score0.00717EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References2
CNVD
CNVD
added 2022/01/24 12:0 a.m.21 views

Unspecified Vulnerability in Mitsubishi Electric MC Works64

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MC Works64 that originates in ICONICS and the Mitsubishi Electric ICONICS product suite, where the FrameWorX server in the...

9.8CVSS9.5AI score0.02884EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.5 views

Mitsubishi Electric MC Works64 安全漏洞

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MC Works64 that originates in ICONICS and the Mitsubishi Electric ICONICS product suite, where the FrameWorX server in the...

9.8CVSS5.7AI score0.02884EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/26 12:39 a.m.17 views

Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center

Summary Improper authentication of a websocket endpoint in IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2020-4771 DESCRIPTION: IBM Spectrum Protect Operations Center could allow a remote attacker to obtain...

5.3CVSS1.6AI score0.01546EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/11/23 5:15 p.m.16 views

Authentication flaw

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...

5CVSS5.2AI score0.01546EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/11/23 12:0 a.m.5 views

IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2020-67638)

IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...

5.3CVSS6AI score0.01546EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/20 12:0 a.m.7 views

IBM Spectrum Protect Operations Center 授权问题漏洞

IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...

5.3CVSS6AI score0.01546EPSS
Exploits0References6
OSV
OSV
added 2020/10/22 5:15 p.m.5 views

CVE-2020-27155

An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...

7.5CVSS7.1AI score0.01251EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/10/22 5:15 p.m.3 views

CVE-2020-27155

An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...

7.5CVSS5.3AI score0.01251EPSS
Exploits0References5
Prion
Prion
added 2018/06/22 6:29 p.m.21 views

Server side request forgery (ssrf)

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

7.5CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
Kitploit
Kitploit
added 2018/05/16 2:37 p.m.25 views

DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)

DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerability like RCE or XXE when the environment has significant constraint. The project is in two parts, the first one is the web server and it's component. It offers a basic web UI, for most cases you won't need more...

7.1AI score
Exploits0References2
Rows per page
Query Builder