Lucene search
K

4352 matches found

NVD
NVD
added 2006/07/07 12:5 a.m.18 views

CVE-2006-3415

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...

6.4CVSS6.6AI score0.02009EPSS
Exploits0References4
CVE
CVE
added 2006/07/07 12:0 a.m.41 views

CVE-2006-3415

Summary: CVE-2006-3415 affects Tor before 0.1.1.20 due to an improper validation of the \

6.4CVSS6.6AI score0.02009EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2006/07/07 12:0 a.m.18 views

CVE-2006-3415

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...

6.4CVSS6.4AI score0.02009EPSS
Exploits0
Prion
Prion
added 2006/06/01 10:2 a.m.22 views

Authentication flaw

The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...

5CVSS7.5AI score0.01046EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/06/01 10:2 a.m.19 views

CVE-2006-2703

The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...

5CVSS6.9AI score0.01046EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/06/01 10:0 a.m.28 views

CVE-2006-2703

The RedCarpet command-line client rug does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle MITM attack...

6.9AI score0.01046EPSS
Exploits0References3
NVD
NVD
added 2005/12/07 11:3 a.m.25 views

CVE-2005-4046

Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct...

4CVSS6.7AI score0.017EPSS
Exploits0References5
NVD
NVD
added 2005/11/01 12:47 p.m.25 views

CVE-2005-3402

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle MITM attack that...

2.6CVSS6.5AI score0.0106EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2005/11/01 12:47 p.m.28 views

CVE-2005-3402

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle MITM attack that...

2.6CVSS6AI score0.0106EPSS
Exploits0References1
CVE
CVE
added 2005/11/01 11:0 a.m.60 views

CVE-2005-3402

CVE-2005-3402 affects Mozilla Thunderbird SMTP client (notably 1.0.5 BETA and 1.0.7). The issue is that Thunderbird does not notify users when it cannot establish a secure channel with the SMTP server, enabling a MITM to obtain authentication information by bypassing TLS or downgrading CRAM-MD5 t...

2.6CVSS6.5AI score0.0106EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2005/10/14 12:0 a.m.33 views

[Full-disclosure] Mozilla Thunderbird SMTP down-negotiation weakness

MOZILLA THUNDERBIRD SMTP DOWN-NEGOTIATION WEAKNESS Thomas Henlich [email protected] SUMMARY Mozilla Thunderbird SMTP down-negotiation behaviour allows a man- in-the-middle MITM attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of...

0.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/10/11 12:0 a.m.38 views

JVN#23632449: OpenSSL version rollback vulnerability

Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle MITM attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...

5CVSS5.5AI score0.04866EPSS
Exploits0
NVD
NVD
added 2005/09/02 11:3 p.m.14 views

CVE-2005-2779

The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle MITM attack while the transaction is taking place, which facilitates a "phishing" attack...

5CVSS6.5AI score0.01308EPSS
Exploits1References2
Cvelist
Cvelist
added 2005/09/02 4:0 a.m.16 views

CVE-2005-2779

The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle MITM attack while the transaction is taking place, which facilitates a "phishing" attack...

6.5AI score0.01308EPSS
Exploits1References2
CVE
CVE
added 2005/09/02 4:0 a.m.30 views

CVE-2005-2779

The CVE-2005-2779 entry concerns the iTAN Online-Banking Security System. According to the provided documents, remote attackers can obtain TAN numbers through a man-in-the-middle (MITM) during a transaction, facilitating a phishing-style attack. The NVD description confirms the vulnerability exis...

5CVSS6.8AI score0.01308EPSS
Exploits1References2
NVD
NVD
added 2005/08/10 4:0 a.m.16 views

CVE-2005-1982

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle MITM attack between a client and a domain controller when PKINIT smart card authentication is bein...

3.6CVSS5.9AI score0.01648EPSS
Exploits0References11
Cvelist
Cvelist
added 2005/08/10 4:0 a.m.25 views

CVE-2005-1982

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle MITM attack between a client and a domain controller when PKINIT smart card authentication is bein...

5.9AI score0.01648EPSS
Exploits0References11
CVE
CVE
added 2005/08/10 4:0 a.m.55 views

CVE-2005-1982

CVE-2005-1982 is a PKINIT vulnerability in Kerberos used by smart card logon on Windows 2000/XP/Server 2003. The flaw allows information disclosure and spoofing by injecting into an authentication session between a client and a domain controller, potentially enabling a malicious server to imperso...

3.6CVSS6AI score0.01648EPSS
Exploits0References11Affected Software3
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.266 views

Microsoft ActiveSync clear text password

Microsoft ActiveSync clear text password Microsoft ActiveSync is widely used to synchronies Windows based PDAs and smartphones with desktop computer. PDA can connect to PC via COM/USB/IR or LAN. Before synchronization user on PC must setup "partnership" to allow synchronization. If PDA is protect...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/07/16 12:0 a.m.26 views

Messenger/hotmail MITM exploit

hello, this a little sploit i wrote for Linux to test a man in the middle attack against Messenger/Hotmail. A kind of swiss army knife that: / use the messenger scrambler bug to get passwords hashes / spoof hotmail site to retrieve plaintext passwords since protocol is not enciphered when users...

6.8AI score
Exploits0
Rows per page
Query Builder