5274 matches found
CVE-2018-8034
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
Exploit for Cross-Site Request Forgery (CSRF) in Eclipse Che
CSWSH-THEIA-CVE-2020-14368 - Report target: Eclipse CHE deplo...
Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection
Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection | Date: 2020-03-30 | Exploit Author: Jacob Baines | Vendor Homepage: http://www.grandstream.com/ | Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware | Version: 1.0.20.20 and below...
Grandstream UCM6200 Series WebSocket 1.0.20.20 - (user_password) SQL Injection Exploit
Exploit for hardware platform in category web applications. Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection | Exploit Author: Jacob Baines | Vendor Homepage: http://www.grandstream.com/ | Software Link:...
Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - userpassword SQL Injection. Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection | Date: 2020-03-30 | Exploit Author: Jacob Baines | Vendor Homepage: http://www.grandstream.com/ | Software Link:...
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection | Date: 2020-03-30 | Exploit Author: Jacob Baines | Vendor Homepage: http://www.grandstream.com/ | Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware | Version: 1.0.20.20 and below...
CVE-2020-10788
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...
CVE-2020-10788
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...
Design/Logic Flaw
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...
CVE-2020-10788
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...
CVE-2020-10788
CVE-2020-10788 affects openITCOCKPIT versions prior to 3.7.3, where WebSocket connections use a fixed API key (1fea123e07f730f76e661bced33a94152378611e) instead of generating random keys. The root cause is the use of a static API key for WebSocket authentication, enabling potential unauthorized access...
Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2020-1328)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034
Summary: IBM Integration Bus ships Apache Tomcat, which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details: CVEID: CVE-2018-8034. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name...
EulerOS 2.0 SP5 : webkitgtk4 (EulerOS-SA-2020-1328)
According to the version of the webkitgtk4 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version...
EulerOS 2.0 SP5 : libsoup (EulerOS-SA-2020-1309)
According to the version of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version...
CVE-2020-9345
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this...
CVE-2020-9343
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this...
Code injection
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this...
CVE-2020-9345
The CVE affects signotec signoPAD-API/Web (formerly Websocket Pad Server) on Windows prior to version 3.1.1. Root cause: the application does not limit the number of opened WebSocket sockets, enabling a Denial of Service when a victim visits an attacker-controlled site. Reported impact is partial...
CVE-2020-9343
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this...