Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

EUVD-2004-1221

Malware in sbrugna...

EUVD-2005-0135

Malware in sbrugna...

EUVD-2006-6459

Malware in sbrugna...

CVE-2025-54289 Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

Linux Distros Unpatched Vulnerability : CVE-2019-13611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...

PT-2025-5608

Name of the Vulnerable Software and Affected Versions Vitest versions prior to 1.6.1 Vitest versions prior to 2.1.9 Vitest versions prior to 3.0.5 Description The issue is related to arbitrary remote code execution when accessing a malicious website while the Vitest API server is listening, due t...

ICSA-21-110-02_Rockwell Automation Stratix Switches

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/ Low attack complexity Vendor: Rockwell Automation Equipment: Stratix Switches Vulnerabilities: Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of...

CVE-2021-1403

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking CSWSH attack and cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient HTTP protections in...

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

Perforce Socket Hijacking Vulnerability

Perforce is prone to a vulnerability that allows attackers to hijack sockets. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Perforce Socket Hijacking Vulnerability

Perforce is prone to a vulnerability that allows attackers to hijack sockets. NOTE: For an exploit to succeed, the underlying operating system must allow rebinding of a port. OpenVAS Vulnerability Test $Id: gbperforce38594.nasl 5323 2017-02-17 08:49:23Z teissa $ Perforce Socket Hijacking...

CVE-2006-6476

FRAgent.exe in Mandiant First Response MFR before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 all interfaces, opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service loss of daemon operation...

CVE-2004-1224

Off-by-one error in the mtrcurseskeyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator...

CVE-2004-1224

Off-by-one error in the mtrcurseskeyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator...

CVE-2004-1224

Off-by-one error in the mtrcurseskeyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator...

Eric Allman Sendmail 8.8.x - Socket Hijack

// source: https://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit or "hijack" the file descriptor for the socket listening on priviliged port 25...