CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

CVE-2021-4161

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

Code injection

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

CVE-2021-4161

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server...

Moxa AWK-3121 Information Disclosure Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An information disclosure vulnerability exists in Moxa AWK-3121 version 1.14. An attacker can exploit this vulnerability by sniffing traffic to obtain sensitive information...

PT-2019-8761 · Moxa · Moxa Awk-3121

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered where the device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. This allows an attacker to sniff the traffic passing between the...

FTP Unencrypted Cleartext Login

The remote host is running a FTP service that allows cleartext logins over unencrypted connections. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

AppleShare IP / Apple Filing Protocol (AFP) Unencrypted Cleartext Login

The remote host is running a AppleShare IP / Apple Filing Protocol AFP service that allows cleartext logins over unencrypted connections. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2017-14487

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...

CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server BES 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt...

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...

POP2 Unencrypted Cleartext Logins

The remote host is running a POP2 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover login names and passwords by sniffing traffic to the POP2 daemon. OpenVAS Vulnerability Test $Id: pop2unencryptedcleartextlogins.nasl 6056 2017-05-02 09:02:50Z teissa $...

POP2 Cleartext Logins Permitted

The remote host is running a POP2 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover login names and passwords by sniffing traffic to the POP2 daemon. This script was written by George A. Theall, . See the Nessus Scripts License for details. Changes by...

DEBIAN-CVE-2002-1336

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users...