Exploit for Improper Validation of Integrity Check Value in Oneidentity Cloud_Access_Manager
CVE-2019-13496 Exploit Title: OTP bypass Filed Integrity ch...
Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography
Affected software: Tomedo Server 1.7.3 Vulnerability type: Cleartext Transmission of Sensitive Information & Weak Cryptography for Passwords Vulnerable version: Tomedo Server 1.7.3 Vulnerable component: Customer Tomedo Server that communicates with Vendor Tomedo Update Server Vendor report...
CVE-2019-0054
CVE-2019-0054 refers to an Improper Certificate Validation weakness in Juniper Networks Junos OS, specifically the SRX Series app-id signature update client. The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack, potentially compromising integrity and confidentia...
RENPHO 3.0.0 Information Disclosure
Hello together, we’ve found the following vulnerability below. Affected software: RENPHO V3.0.0 iOS App Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data Vulnerable version: Renpho Mobile Application V3.0.0 for iOS Vulnerable component: Client app, transmitting data to...
Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...
PT-2019-6283 · Nlnet +5 · Unbound +5
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...
SUSE-SU-2019:2212-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: Security issue fixed: - CVE-2019-12855: Fixed TLS certificate verification to protect against MITM attacks bsc1138461...
CVE-2019-1948
A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
Those who are familiar with Bluetooth BR/EDR technology aka Bluetooth Classic, from 1.0 to 5.1, can attest that it is not perfect. Like any other piece of hardware or software technology already on the market, its usefulness comes with flaws. Early last week, academics at Singapore University of...
Exploit for Cleartext Transmission of Sensitive Information in Oneidentity Cloud_Access_Manager
CVE-2019-13498 Exploit Title: MITM - Missing HSTS causing cre...
Metasploit Reverse Session Takeover Vulnerability
Exploit for multiple platform in category local exploits Exploit Title: Metasploit Reverse Session Takeover Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://www.metasploit.com/download Version: Metasploit Pro v4.17.67-dev Tested on: Linux & Windows Metasploit Revers...
CVE-2019-12820
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...
Design/Logic Flaw
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...
CVE-2019-12820
The CVE-2019-12820 entry concerns the Shenzhen Jisiwei i3 robot vacuum cleaner app 2.0 (Android/iOS). The vulnerability is that login and other personal information communications between the app and its server are sent over unencrypted HTTP, enabling a local-network MiTM attacker to capture cred...
Node.js third-party modules: Yarn transfers npm credentials over unencrypted http connection
Module module name: yarn version: 1.16.0 npm page: https://www.npmjs.com/package/yarn Module Description Fast, reliable, and secure dependency management. Module Stats Replace stats below with numbers from npm’s module page: 166 703 downloads in the last day 849 928 downloads in the last week 3 7...
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...
CVE-2019-10101
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack...
CVE-2019-10102
JetBrains Ktor framework created using the Kotlin IDE template versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30...