This module uses a blind SQL injection (CVE-2020-5724) affecting the Grandstream UCM62xx IP PBX to dump the users table. The injection occurs over a websocket at the websockify endpoint, and specifica ...
Continue Reading01 июля, 2023
If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults.Read More ...
Continue Reading01 июля, 2023
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a ...
Continue Reading01 июля, 2023
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from insi ...
Continue Reading30 июня, 2023
Apache Tomcat is a lightweight Web application server from the Apache Foundation. The application implements support for Servlet and JavaServer Page (JSP).Apache Tomcat suffers from a request obfuscat ...
Continue Reading30 июня, 2023
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a ...
Continue Reading30 июня, 2023
# July 7th 2022 Security Releases By Rafael Gonzaga, 2022-07-07 ## _(Update 07-July-2022)_ Security releases available Updates are now available for the v18.x, v16.x, and v14.x Node.js release lines f ...
Continue Reading30 июня, 2023
The version of AOS installed on the remote host is prior to 5.20.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4.5 advisory. - zlib before 1.2.12 all ...
Continue Reading30 июня, 2023
Back to Main