CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

Cisco UCS Invicta Software Default GPG Key Vulnerability

A vulnerability in Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to access some encrypted information, if the attacker can intercept communication between an affected system and a Cisco UCS Invicta Autosupport server. The vulnerability is due to the presence of a...

MariaDB Server 5.5.x < 5.5.47 / 10.0.x < 10.0.23 / 10.1.x < 10.1.10 Multiple Vulnerabilities

Binary data 9287.prm...

CVE-2016-4555

A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process...

CVE-2016-4554

An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...

Htcap - web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes

htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused mainly on the crawling process and uses external tools to discover vulnerabilities. It'...

BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack

BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices. The company’s CEO John Chen penned a statement on Monday, reiterating that one of...

CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

CVE-2016-0787

The CVE-2016-0787 entry concerns libssh2 (before 1.7.0) where the diffie_hellman_sha256 function truncates ephemeral DH secrets to 128 or 256 bits, enabling potential man-in-the-middle decryption/interception of SSH sessions. Root cause: truncated DH secret length. Impact: weakened SSH handshake ...

CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

CVE-2016-3676

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network...

Transparent SSL TLS interception: SSLsplit

Transparent SSL TLS interception: SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis, web application security testing, network security auditing, penetration testing and...

DIY Web Proxy: proxenet

proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy . proxenet supports heaps of languages and more can be added easily. proxenet is a C-based...

Security Advisory - Integrity Protection Vulnerability in Huawei E3276s Products

The Huawei E3276s products have an integrity protection vulnerability. As a result, user communication can be intercepted, spoofed, and injected with traffic. Vulnerability ID: HWPSIRT-2016-02019 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2016-3676...

LocalTapiola: Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi

Hello, Some strange account information modification is ongoing when intercepting and making small modifications to requests in 'investment section'. Login to portal and go to buy shares https://verkkopalvelu.tapiola.fi/jb2/ltvr/purchases or similar and pic 2025 A shares, intercept requests and...

Apple iOS Messages Message Disclosure Vulnerability

Apple iOS, OS X, and watchOS are all products of Apple Inc. Apple iOS is an operating system developed for mobile devices; watchOS is a smartwatch operating system; and Apple OS X is an Apple operating system. An information disclosure vulnerability exists in the implementation of Messages in iOS...

Than 3 1 5 party exciting! Touch under the ass, the“flash pay,”the Bank card information can be“Flash to steal it!” - Vulnerability warning-the black bar safety net

! /Article/UploadPic/2016-3/2016317103231926.jpg Yesterday, the CCTV 3 1 5 party exposure has a presence in the POSS machine vulnerabilities, criminals do not need Bank card password can also brush away the user card on the funds. Today I'll introduce a superb steal credit card and debit card...

[SECURITY] [DSA 3487-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3487-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2016 https://www.debian.org/security/faq -...

UBUNTU-CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...