Shopify: H1514 Ability to MiTM Shopify PoS Session to Takeover Communications

Hi @iv-rodriguez, After a decent amount more digging and research, I must disagree with you on the "expecting to work offline" portion. The code actually specifically listens on all local interfaces 0.0.0.0 and the wifi network address is specifically used in the QR code connection string, as sho...

Unspecified Vulnerability in Eclipse Vert.x (CNVD-2019-43401)

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM , which is mainly used to build applications such as network utilities , Web applications , HTTP/REST microservices and so on. A security vulnerability exists in the WebSocket HTTP Upgrade implementati...

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

Denial Of Service (DoS)

vertx-core is vulnerable to a denial of service DoS attack. The websocket implementation does not properly handle HTTP requests properly, buffering the entire request body into memory before the handshake. This can allow a malicious user to pass a large HTTP request to the application to cause it...

Design/Logic Flaw

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

CVE-2018-12541

The CVE-2018-12541 vulnerability affects Eclipse Vert.x WebSocket HTTP upgrade: in versions 3.0.0–3.5.3, the upgrade path buffers the entire HTTP request (including the request body) in memory before performing the handshake. This behavior enables an attacker to potentially exhaust memory by send...

FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected firmware version: V1.01-0bb5b27 TrafiOne Codename:...

openSUSE Security Update : tomcat (openSUSE-2018-1129)

This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed : - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. -...

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0, Websocket/13 RFC 6455 Affected firmware version: V1.01-0bb5b27...

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...

FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure

FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected firmware version: V1.01-0bb5b27 TrafiOne Codename: TrafiOne E1.00.09 TI BPL2 EDGE Codename: TIIP4EDGE V1.02.P01 TI x-stream Codename: TIIP2 V1.05.P01 ThermiC...

Security update for tomcat (moderate)

This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. - CVE-2018-801...

FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation

Summary FLIR TrafiOne is an all-round detection sensor for traffic monitoring and dynamic traffic signal control. Offered in a compact and affordable package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to adapt traffic signals based on the presence detection of vehicles, bicycles...

Debian DLA-1523-1 : asterisk security update

Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the reshttpwebsocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket. For Debian 8 'Jessie', this...

[SECURITY] [DLA 1523-1] asterisk security update

Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the reshttpwebsocket.so module that allowed remote attackers to crash Asterisk via special...

DEBIAN-CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...