The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management allows a perpetrator to gain access to another user’s session.

The vulnerability of the session identifier of the IBM Maximo Asset Management software management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to intercept a session or gain access to another user’s...

Panda Mobile Security for iOS Man-in-the-Middle Attack Vulnerability

Panda Mobile Security for iOS is a mobile antivirus product for iOS developed by the Spanish company Panda Security. The product protects mobile networks from viruses, spyware, hackers and other Internet threats. A security vulnerability exists in version 1.1 of Panda Mobile Security for iOS. An...

Atlassian Hipchat for iOS Man-in-the-Middle Attack Vulnerability

Atlassian Hipchat for iOS is a suite of team chat tools for iOS from the Australian company Atlassian that supports group and 1-to-1 voice and video chat with screen sharing. A security vulnerability exists in Atlassian HipChat for iOS versions prior to 3.16.2. An attacker can exploit the...

CVE-2017-8059

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information username/password, in addition to the static authentication token if t...

CVE-2017-8058

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call...

CVE-2017-5901

The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Authentication flaw

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information username/password, in addition to the static authentication token if t...

CVE-2017-8059

Foxit PDF (iOS) before version 5.4 is vulnerable to accepting invalid/self-signed TLS certificates, enabling a passive or proximity attacker to perform a MITM and silently intercept login credentials (username/password) and an existing authentication token. Root cause: improper TLS certificate va...

Unpatched WordPress Password Reset Vulnerability Lingers

A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of...

EulerOS 2.0 SP1 : squid (EulerOS-SA-2016-1025)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility ...

Starscream 2.0.3 SSL Pinning Bypass Vulnerability

WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false. An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting th...

Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability (CNVD-2017-04918)

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where an attacker accessing the OT network could intercept traffic to the target...

Huawei HiSuite Man-in-the-Middle Attack Vulnerability

Huawei HiSuite is a set of cell phone assistant software for PC from Huawei, China. A security vulnerability exists in Huawei HiSuite version 4.0.5.300OVE due to the program using unencrypted HTTP to download upgrade packages and failing to check the integrity of the packages before installation...

The vulnerability of the Kernel Samepage Merging (KSM) component in the Linux operating system allows a hacker to influence the confidentiality of information.

The vulnerability of the Linux operating system’s Kernel Samepage Merging KSM component is related to the lack of protection for service data when the ASLR mechanism is used. Exploiting this vulnerability allows a local attacker to partially compromise the confidentiality of information through a...

Information disclosure

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...

CVE-2016-8960

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference : 1993718...

LastPass websiteConnector.js content script allows proxying internal RPC commands

noticed this entry in the contentscript array from the LastPass manifest: "matches": "https://1min-ui-prod.service.lastpass.com/" , "js": "1minsignup/chrome/websiteConnector.js" , "allframes": true, "runat": "documentend" , That's a content script that is only used for one specific lastpass.com...

SSLsplit - transparent SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...

CVE-2016-3052

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...

Design/Logic Flaw

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques...