Exploit for Insufficient Session Expiration in Eclipse Jetty

Eclipse Jetty Canonical Repository =============================...Read More ...

Continue Reading

14 декабря, 2023

Cross site scripting

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication ...

Continue Reading

14 декабря, 2023

CVE-2023-45820

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server recei ...

Continue Reading

14 декабря, 2023

CVE-2023-41896

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication ...

Continue Reading

14 декабря, 2023

Rocky Linux 9 : firefox (RLSA-2023:0285)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0285 advisory. An out of date library (libusrsctp) contained vulnera ...

Continue Reading

14 декабря, 2023

Kopage Website Builder 4.4.15 Shell Upload

...Read More ...

Continue Reading

14 декабря, 2023

CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be ca ...

Continue Reading

14 декабря, 2023

Directus crashes on invalid WebSocket message

### Summary It seems that any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. This could probably be posted as an issue and I might ...

Continue Reading

14 декабря, 2023

1 83 84 85 86 87 175

Back to Main
Subscribe for the latest news: