Lucene search
5323 matches found

OSV
added 2024/05/19 8:15 p.m., 16 views

CVE-2024-36076

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...

CVSS 8.8, AI score 6.2
Exploits 0, References 2
Vulnrichment
added 2024/05/19 7:22 p.m., 17 views

CVE-2024-36076

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...

AI score 6.7, EPSS 0.00247
Exploits 0, References 2
CVE
added 2024/05/19 7:22 p.m., 102 views

CVE-2024-36076

CVE-2024-36076 affects SysReptor, with vulnerable versions 2024.28–2024.30. The issue is Cross-Site WebSocket Hijacking, allowing an attacker to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain within the same browser sess...

CVSS 8.8, AI score 6.5, EPSS 0.00247
Exploits 0, References 2, Affected software 1
Cvelist
added 2024/05/19 7:22 p.m., 24 views

CVE-2024-36076

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session...

AI score 6.3, EPSS 0.00247
Exploits 0, References 2
Positive Technologies
added 2024/05/19 12:00 a.m., 3 views

PT-2024-26885

Name of the Vulnerable Software and Affected Versions: SysReptor versions 2024.28 through 2024.30; SysReptor versions prior to 2024.40. Description: The issue allows attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomai...

CVSS 8.8, AI score 6.5, EPSS 0.00247
Exploits 0, References 9
NVD
added 2024/05/14 12:39 p.m., 13 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

CVSS 8.6, AI score 6.8, EPSS 0.00712
Exploits 0, References 1
NVD
added 2024/05/14 10:43 a.m., 23 views

CVE-2022-32504

An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. Th...

CVSS 9.8, AI score 7.6, EPSS 0.0161
Exploits 0, References 4
Tenable Nessus
added 2024/05/11 12:00 a.m., 31 views

RHEL 6 : webkitgtk (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)...

AI score 10, EPSS 0.77246
Exploits 60, References 279
Tenable Nessus
added 2024/05/11 12:00 a.m., 101 views

RHEL 7 : webkitgtk (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)...

AI score 10, EPSS 0.34574
Exploits 44, References 218
CVE
added 2024/05/10 4:14 p.m., 70 views

CVE-2023-26566

CVE-2023-26566 affects Sangoma FreePBX 1805–2203 on Linux, with hardcoded Asterisk REST Interface (ARI) credentials. This enables remote attackers to reconfigure Asterisk and place calls via ARI endpoints over HTTP and WebSocket. The connected sources note the issue and provide remediation guidan...

CVSS 8.6, AI score 7.1, EPSS 0.00712
Exploits 0, References 1
CVE
added 2024/05/09 7:33 p.m., 33 views

CVE-2022-32504

Technical details for CVE-2022-32504 are not publicly provided in the supplied documents. No concrete exploit, impact, or remediation information is present here. Monitor for updates.

CVSS 9.8, AI score 7.8, EPSS 0.0161
Exploits 0, References 4
Github Security Blog
added 2024/05/09 3:14 p.m., 51 views

1Panel arbitrary file write vulnerability

Summary: There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing. PoC: Dockerfile FROM bash:latest COPY...

CVSS 7.5, AI score 7.2, EPSS 0.01329
Exploits 1, References 5, Affected software 1
Veracode
added 2024/05/09 10:06 a.m., 33 views

Arbitrary Code Execution

ipython is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper origin validation of websocket requests, allowing remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

CVSS 6.8, AI score 7.6, EPSS 0.04665
Exploits 0, References 12, Affected software 1
RedHat Linux
added 2024/05/07 1:07 p.m., 4 views

Tomcat: WebSocket DoS with incomplete closing handshake

A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...

CVSS 6.3, AI score 7.2, EPSS 0.02313
Exploits 0, References 5
RedHat Linux
added 2024/05/07 1:07 p.m., 49 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.2 release and security update

An update is now available for Red Hat JBoss Web Server 6.0.2 on Red Hat Enterprise Linux versions 8 and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.3, AI score 6.7, EPSS 0.02313
Exploits 0, References 3
RedHat Linux
added 2024/05/07 12:22 p.m., 4 views

Tomcat: WebSocket DoS with incomplete closing handshake

A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...

CVSS 6.3, AI score 7.2, EPSS 0.02313
Exploits 0, References 5
RedHat Linux
added 2024/05/07 12:19 p.m., 1 view

Tomcat: WebSocket DoS with incomplete closing handshake

A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...

CVSS 6.3, AI score 7.2, EPSS 0.02313
Exploits 0, References 5
Tenable Nessus
added 2024/05/07 12:00 a.m., 34 views

RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.2 (RHSA-2024:1916)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1916 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache...

CVSS 6.3, AI score 7.3, EPSS 0.02313
Exploits 0, References 5
OpenVAS
added 2024/05/07 12:00 a.m., 33 views

SUSE: Security Advisory (SUSE-SU-2024:1345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.6, EPSS 0.23072
Exploits 1, References 5