CVE-2015-2968
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker...
Code injection
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker...
Code injection
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker...
CVE-2015-0897
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker...
PT-2023-10315 · Line · Line For Android +1
Name of the Vulnerable Software and Affected Versions: LINE@ for Android version 1.0.0, LINE@ for iOS version 1.0.0. Description: The issue allows for a man-in-the-middle (MITM) attack due to the application's acceptance of non-SSL/TLS communications. This enables an attacker to invoke any API from a...
CVE-2022-24400 DCK pinning attack in TETRA
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...
SoftEther VPN CiRpcServerThread() MitM authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1755 SoftEther VPN CiRpcServerThread MitM authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-32634 SUMMARY An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack...
Security feature bypass
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack...
Oracle Linux 8 : container-tools:ol8 (ELSA-2019-3403)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3403 advisory. - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment...
Oracle Linux 8 : container-tools:1.0 (ELSA-2019-3494)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3494 advisory. - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment...
CVE-2022-22305
An improper certificate validation vulnerability CWE-295 in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle th...
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Mitigation: No current mitigation is yet available for this vulnerability...
CVE-2021-35309
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks...
WakaTime: Waketime Payment Gateway Vulnerability
Vulnerability description not provided...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686
Sydent (Matrix Identity Server) is affected pre-2.5.6: when configured to send emails via TLS, it does not verify SMTP server certificates, enabling MITM interception of invitation and address-confirmation emails by an attacker with network access. Root cause: failure to verify TLS SMTP certifica...
ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10694)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...
Sydent does not verify email server certificates
Impact: If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...