Parrot Sec: http://lists.parrotsec.org vulnerable to MITM
Thanks @nobodycares...
OV3 Online Administration 3.0 Authenticated Code Execution
OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and...
OV3 Online Administration 3.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications. OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
UBUNTU-CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the...
CVE-2017-5948
CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is
All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws
There is bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 worldwide and below, as well as HydrogenOS 3.0 and below for Chinese users. Damn, I ...
Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates
Overview: Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description: CWE-295: Improper Certificate Validation -...
U.S. Dept Of Defense: Multiple cryptographic vulnerabilities in login page on ███████
Summary: I realize that this report's title may not make sense yet. In one sentence: users logging in to the ███████ Server REST API Login page can have their passwords stolen by an attacker on the same LAN or WiFi as the victim trying to log in. Description: To save the reader any confusion, I'l...
Dell Customer Connect 1.3.28.0 Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...
Dell Customer Connect 1.3.28.0 Privilege Escalation
Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description DCCService.exe is running on autostart as...
Man-in-the-Middle (MitM)
Ansible is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because it does not adequately validate HTTPS certificates when using the geturl and uri modules. Therefore, it fails to catch a mismatch between the server hostname and the domain name in the subject's Common Name (CN) or...
CVE-2016-8273
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
Hardcoded credentials
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
CVE-2016-8273
Huawei HiSuite PC client (version 4.0.5.300_OVE) is vulnerable due to using insecure HTTP to download upgrade packages and not validating package integrity. This allows a local attacker to conduct a man‑in‑the‑middle attack to interrupt or replace the downloaded software, potentially compromising...
CVE-2017-2448
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging...
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
Hi, I get in touch to report that cloud.newrelic.com is vulnerable to CVE-2014-3566 POODLE. Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM (Man-in-the-middle) attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network...
CVE-2016-4927
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices...