Lucene search
K

57 matches found

RedHat Linux
RedHat Linux
added 2016/04/12 5:37 p.m.22 views

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

5.9CVSS6.7AI score0.10232EPSS
Exploits0References5
seebug.org
seebug.org
added 2015/11/16 12:0 a.m.19 views

IBM Security QRadar Incident Forensics中间人攻击漏洞(CNVD-2015-07484)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/11/16 12:0 a.m.30 views

IBM Security QRadar Incident Forensics中间人攻击漏洞(CVE-2015-1993)

No description provided by source...

5CVSS6.6AI score0.01209EPSS
Exploits1
CNVD
CNVD
added 2015/09/20 12:0 a.m.3 views

VMware vCenter Server LDAP Certificate Validation Bypass Vulnerability

VMware vCenter Server provides centralized visibility, proactive management and extensibility into virtual infrastructures. VMware vCenter Server fails to validate TLS certificates when binding to LDAP servers, allowing an attacker to intercept communications between an LDAP server and a target...

5.8CVSS6.8AI score0.00743EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/12 12:0 a.m.5 views

Microsec e-Szigno XML Digital Signature Forgery Security Bypass Vulnerability

Microsec e-Szigno is a suite of electronic signature authentication applications. Microsec e-Szigno does not validate the signature of specially crafted XML files, allowing attackers to bypass XML digital signature validation by performing man-in-the-middle attacks to forge XML file content and...

7.8CVSS7AI score0.02118EPSS
Exploits0References1
myhack58
myhack58
added 2015/03/05 12:0 a.m.26 views

“Legacy”vulnerability: analysis of the new SSL/TLS vulnerability FREAK-vulnerability warning-the black bar safety net

Recently security researchers discovered a new SSL/TLS vulnerability. Expected within ten years, millions of Apple, Android users to access the HTTPS site will likely suffer from the middleman and then the stolen account and password, even if these sites use the encrypted transmission, also to no...

Exploits0
myhack58
myhack58
added 2014/11/26 12:0 a.m.17 views

The sword refers to the Android and iOS system DoubleDirect middle attack-vulnerability warning-the black bar safety net

A security researcher found a new man in the middle attack technique, it targets mostly run of the Android system and iOS system of smartphone and tablets. This is called DoubleDirect of art belonging to the middleman(MITM attack. An attacker can use this technique to put the victim to visit...

0.8AI score
Exploits0
myhack58
myhack58
added 2014/11/21 12:0 a.m.30 views

Combined with the middleman attack, the Pidgin tasteless vulnerability becomes waste into treasure-vulnerability warning-the black bar safety net

The latest version of the open source instant messaging clientPidgin 2.10.10 all this time to fix a series of vulnerabilities, wherein the SSL/TLS certificate validation issue can be exploited by hackers to make MiTM attacks. As a result, some slightly tasteless the vulnerability with man in the...

0.3AI score
Exploits0
myhack58
myhack58
added 2014/11/01 12:0 a.m.11 views

The ASUS RT-series of wireless routers vulnerable, may suffer from the middleman attack-a vulnerability warning-the black bar safety net

! USA security researchers found that the ASUS RT wireless router to download and Update service is via unencrypted HTTP Protocol, and thus may be subject to MiTM attacks. Security researchers Longenecker in his blog pointed out, the ASUS RT series routers only according to a relatively simple...

1.7AI score
Exploits0
myhack58
myhack58
added 2014/08/28 12:0 a.m.17 views

Amazing exposure Netcore routers exist back door, anyone can be a remote access-vulnerability warning-the black bar safety net

The Trend Micro researchers said yesterday at the official website shows, the Chinese manufacturers produce a series of routers contain a severe vulnerability, the hacker through the loopholes in monitoring user's Internet traffic. Router in China the Brand Name Netcore in foreign countries the...

0.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/01/21 5:3 p.m.4 views

rhev: remote-viewer spice tls-stripping issue

The remote-viewer in Red Hat Enterprise Virtualization Manager RHEV-M before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...

4.3CVSS5.8AI score0.00968EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/14 1:31 p.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.10 views

TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories

TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories OPCOM Team | June 29, 2010 Summary A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and tri...

5.7AI score
Exploits0References1
seebug.org
seebug.org
added 2009/07/02 12:0 a.m.27 views

MySQL Connector/NET缺少SSL证书验证漏洞

BUGTRAQ ID: 35514 MySQL Connector/Net是MySQL数据库的ADO.NET驱动。 MySQL Connector/Net在使用加密的时候没有对服务器的证书执行验证。在NativeDriver.cs文件中,StartSSL函数依赖于名为 NoServerCheckValidation的验证函数,而该函数没有执行任何验证。此外还有另一个名为ServerCheckValidation 的函数,而该函数被标注掉。 能够对连接执行中间人攻击的攻击者可以通过利用这个漏洞绕过加密验证,从而破坏SSL所提供的安全性。 MySQL AB MySQL Connector/N...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/03/16 2:6 p.m.5 views

evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077...

5CVSS6.9AI score0.02216EPSS
Exploits0References4
myhack58
myhack58
added 2007/01/13 12:0 a.m.36 views

Port interception with port hidden sniffing attacks-vulnerability warning-the black bar safety net

In WINDOWS SOCKET Server Application Programming, the following statement perhaps than than are: s=socketAFINET,SOCKSTREAM,IPPROTOTCP; saddr. sinfamily = AFINET; saddr. sinaddr. serveraddress = htonlINADDRANY; binds,SOCKADDR &saddr,sizeofsaddr; In fact, this which exists in a very big security...

7AI score
Exploits0
OSV
OSV
added 2006/12/31 5:0 a.m.2 views

DEBIAN-CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle MITM attacks...

7.8CVSS6.2AI score0.04255EPSS
Exploits0References1
Rows per page
Query Builder