5272 matches found
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
Integer overflow
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
Memory corruption
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2922
CVE-2017-2922 affects Cesanta Mongoose 6.8 (Websocket protocol handling). A memory corruption via fragmented WebSocket frames can trigger a use-after-free when reassembling data in mg_deliver_websocket_data, due to a buffer resize that invalidates pointers and leads to reads/writes on freed memor...
CVE-2017-2921
Cesanta Mongoose 6.8 Websocket implementation contains a memory corruption flaw in websocket frame handling. During parsing, an integer overflow in data_len/frame_len calculations can cause a large, misvalidated memory write in mg_deliver_websocket_data, leading to a heap-buffer-overflow. Reporte...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
Cesanta Mongoose Remote Code Execution Vulnerability
Cesanta Mongoose is a set of embedded servers from the Irish company Cesanta. The Websocket protocol is one of the websocket communication protocols. A remote code execution vulnerability exists in the Websocket protocol implementation in Cesanta Mongoose version 6.8. A remote attacker can exploit th...
Cesanta Mongoose Remote Code Execution Vulnerability
Cesanta Mongoose is a set of embedded servers from the Irish company Cesanta. The Websocket protocol is one of the websocket communication protocols. A remote code execution vulnerability exists in the Websocket protocol implementation in Cesanta Mongoose version 6.8. A remote attacker can exploit th...
Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability
Summary: An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow leading to a heap buffer overflow, resulting in denial of service and potential remote code...
Java WebSocket client nv-websocket-client Man-in-the-Middle Attack Vulnerability
Java WebSocket client nv-websocket-client is an open source Java-based WebSocket client implementation. A security vulnerability exists in Java WebSocket client nv-websocket-client, which stems from the program's failure to verify that the server hostname matches the domain name. An attack...
cFire: IP Discovery for Domains behind Cloudflare
PenTestIT RSS Feed If you remember, I blogged about CloudFail and HatCloud earlier. Those tools help you find the IP addresses of systems that are protected/behind Cloudflare. This post is about a new tool on the block - cFire, which does not just stop at detecting the systems restricted using...
Cross site scripting
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack...
CVE-2015-3454
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack...
CVE-2015-3454
TelescopeJS prior to version 0.15 leaks user bcrypt password hashes in websocket messages, which an attacker could obtain through a cross-site scripting attack. This is documented in CVE-2015-3454 (NVD). The available sources corroborate that the vulnerability involves leaking password hash data ...
Mongoose Web Server 6.5 CSRF / Command Execution Vulnerability
Mongoose Web Server version 6.5 suffers from cross-site request forgery and remote command execution vulnerabilities. + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt +...