Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...

Windows shellcode stage, Find Tag Ordinal Stager

Custom shellcode stage. Use an established connection Module Options msf use payload/windows/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf payloadfindtag run This module requires Metasploit...

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

The vulnerability in the implementation of the WebSocket server module for Jabber/XMPP Prosody allows a attacker to cause a service failure.

The vulnerability of the WebSocket server implementation for Jabber/XMPP Prosody is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2022-1368

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...

Command Injection

tomcat6 is vulnerable to command injection. Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending a specially-crafted WebSocket message...

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

DEBIAN-CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

UBUNTU-CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

Design/Logic Flaw

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVE-2021-3690

CVE-2021-3690 affects Undertow: a buffer leak on the incoming WebSocket PONG message can cause memory exhaustion leading to DoS. The vulnerability impacts Undertow-based components (WebSocket handling). A security update/patch for Undertow is available per OSV/OESA entries; exploit details are no...

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

GO-2022-0947

In Mellium mellium.im/xmpp, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during verification...

adsbx_browser (=0.1.0), adsbx_screenshot (>=0.1.0 <=1.4.1) +98 more potentially affected by CVE-2022-35922 via websocket (>=0.10.5 <=0.24.0)

websocket CARGO version =0.10.5, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.0.6, =1.0.0, =0.1.0, =0.0.0, =0.1.0, =0.1.2, =0.3.3, =0.6.25, =0.0.3, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35922 Source advisory: OSV:GHSA-QRJV-RF5Q-QPXC...

GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

Important: tomcat8

Issue Overview: A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled...