26 matches found
EUVD-2004-2413
Malware in sbrugna...
EUVD-2001-1262
Malware in sbrugna...
Security Bulletin: Upgraded higher version of cometD in Maximo IT 9.1
Summary Upgraded heigher version of cometD in Maximo IT 9.1 Vulnerability Details CVEID:CVE-2022-24721 DESCRIPTION: CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so...
The dangers of web based messaging apps
TL;DR Anyone with a web browser and access to your phone in an unlocked state could potentially set up persistent access to your secure messaging platforms without needing to know your credentials!. Whilst this clearly requires unfettered access to your phone, scenarios such as screen replacement...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)
org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +870 more potentially affected by CVE-2015-1796 via org.opensaml:opensaml (>=1.1 <=2.6.4)
org.opensaml:opensaml MAVEN version =1.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =3.0.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2015-1796 Source advisory: OSV:GHSA-78FQ-W796-Q537...
CVE-2022-24721
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...
CVE-2022-24721
The CVE-2022-24721 issue affects CometD’s Oort/Seti channels. In all versions prior to 5.0.11, 6.0.6, and 7.0.6, internal authorization is improper, allowing remote users to subscribe to or publish on these channels. Subscribing can enable viewing cluster-internal traffic; publishing can allow cr...
Cisco SD-WAN vManage Authentication Bypass Vulnerability
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. An authentication bypass vulnerability exists in the Web Messaging Service interface of Cisco SD-WAN vManage, which can be exploited by an...
Cisco SD-WAN vManage Software 安全漏洞
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. An authentication bypass vulnerability exists in the Web Messaging Service interface of Cisco SD-WAN vManage, which can be exploited by an...
PT-2021-2982 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient authorization checks in the web-based messaging service interface of Cisco SD-WAN vManage Software. This could allow an...
Posta - Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / Chromium Node.js option...
Enonic XP: source code security analysis report
Several vulnerabilities were discovered in Enonic AS 'Enonic XP' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Отсутствие верификации цифровой подписи исполняемых файлов, полученных из недоверенных источников HttpOnly...
IPSwitch IMail 6.x/7.0/7.1 Web Messaging HTTP Get Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5323/info IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. The web messaging server is vulnerable to a buffer...
CVE-2011-5065
Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...
CVE-2011-5065
Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...
CVE-2011-5065
Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...
CVE-2004-2422
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service crash via 1 a long sender field to the Queue Manager or 2 a long To field to the Web Messaging component...
CVE-2002-1076
CVE-2002-1076 describes a buffer overflow in the Web Messaging daemon of Ipswitch IMail prior to 7.12. An attacker could trigger the overflow by sending a specially crafted long HTTP GET request for HTTP/1.0, enabling remote code execution. The affected component is the Web Messaging daemon insid...