ManageEngine OpManager Plus < 12.7.109 / 12.7.110 < 12.7.120 / 12.7.121 < 12.7.131 Cross-Site WebSocket Hijacking
The version of ManageEngine OpManager running on the remote web server is prior to 12.7.109, or version 12.7.110 prior to 12.7.120, or version 12.7.121 prior to 12.7.131. It therefore has a vulnerability in the WebSocket endpoint that allows Cross-site WebSocket hijacking. Note that Nessus has no...
[SECURITY] Fedora 38 Update: python-aiohttp-3.8.5-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
CVE-2023-29505
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...
Cross site scripting
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...
CVE-2023-29505
Zoho ManageEngine Network Configuration Manager 12.6.165 has a WebSocket endpoint vulnerability that enables Cross-site WebSocket hijacking. The connected documents consistently identify the affected product/version and the attack class, but do not provide concrete exploit details, affected confi...
ZOHO ManageEngine Network Configuration Manager Access Control Error Vulnerability
ZOHO ManageEngine Network Configuration Manager is a multi-vendor network change, configuration and compliance management (NCCM) solution from ZOHO. It is designed to automate and fully control the entire lifecycle of device configuration management. A security vulnerability exists in ZOHO...
PT-2023-22287 · Zoho · Zoho ManageEngine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Network Configuration Manager version 12.6.165 Description: An issue was discovered in the WebSocket endpoint, allowing Cross-site WebSocket hijacking. Recommendations: For Zoho ManageEngine Network Configuration Manager...
8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution
The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences. Jitsi Security Advisory has been published...
WebSocket Session Hijacking
NodeBB is vulnerable to WebSocket session hijacking. The vulnerability exists due to a missing CSRF token in the request, which allows an attacker to gain access to private information via cross-origin WebSocket session hijacking...
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
Design/Logic Flaw
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
Path traversal
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...