55 matches found
CVE-2025-58742
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle AiTM by modifying the 'Server' field to redirect client...
CVE-2025-58742 Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle AiTM by modifying the 'Server' field to redirect client...
CVE-2025-58742 Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle AiTM by modifying the 'Server' field to redirect client...
PT-2026-3667
Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description A security issue exists in the Connection Settings dialog of Milner ImageDirector Capture that allows an Adversary in the Middle AiTM attack. This occurs because the...
CVE-2025-60291
The CVE-2025-60291 issue affects eTimeTrackLite Web (version 12.0 and earlier, as of 20250704) and is caused by a permission-control flaw that lets unauthenticated attackers access certain routes and alter database connection configurations. Multiple sources (Red Hat, ENISA/EUVD, CIRCL, NVD, CNNV...
CVE-2025-60291
An issue was discovered in eTimeTrackLite Web thru 12.0 20250704. There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...
EUVD-2017-2462
Malware in sbrugna...
EUVD-2022-51122
Malicious code in bioql PyPI...
CVE-2025-47228
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...
CVE-2025-47228
CVE-2025-47228 affects Netmake ScriptCase, Production Environment extension, up to version 9.12.006(23). A shell injection flaw exists in the SSH connection settings that, when paired with authenticated access and crafted HTTP requests, allows an attacker to execute system commands on the server....
CVE-2020-0177
In connect of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android...
GHSA-95FC-G4GJ-MQMX Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks
Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle MitM attack against services using...
CVE-2025-26492
JetBrains TeamCity is affected when deployed with versions prior to 2024.12.2. The vulnerability stems from improper Kubernetes connection settings that could allow exposure of sensitive resources. Multiple connected sources (CNVD-2025-13414, RH: CVE-2025-26492, and Nessus plugin TEAMCITY_2024_12...
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...
CVE-2024-36370
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible...
CVE-2024-36370
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible...
How to modify the HTTP/HTTPS port while connecting to the management IP of Netscaler?
Regarding modify the HTTP/HTTPS port when connecting to the management IP of Netscaler...
Azure VDAs are shown as "power state: unknown" in Studio
Power state in Studio toggles between "unknown" and "on" or "off" for VMs hosted in Azure. You may find the below entries in the hosting connection test or in the CDF traces Error: Invalid connection settings. System.IO.FileNotFoundException: Could not load file or assembly 'System.Net.Http,...
What Proxy will be used by Citrix Workspace App
Which proxy does the Citrix Receiver/Workspace app use for these settings and if this registry key is mentioned: HKEYCURRENTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings The 9th value contains the proxy setting. The value could be: 09 when...
CVE-2022-48426
CVE-2022-48426 affects JetBrains TeamCity versions prior to 2022.10.3. The vulnerability is a stored XSS in Perforce connection settings , as confirmed by multiple sources (NVD entry and security analyses). Impact is limited to XSS exposure via Perforce settings; exploitation status is not detail...