113 matches found
IBM Tealeaf Customer Experience Information Disclosure Vulnerability (CNVD-2016-11558)
IBM Tealeaf Customer Experience is a SaaS (Software-as-a-Service) based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...
InVision: CORS Man-in-the-Middle account compromise
Description: The invisionapp application implements HTTPS correctly by redirecting any HTTP traffic to HTTPS; this prevents, for example, the person sitting in the same office or home as you, or someone on the same open-wireless network as you (e.g. McDonalds or airport), from...
Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability
A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps, leaving them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle that a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and...
ASUS RT-series wireless routers are vulnerable and may suffer man-in-the-middle attacks - vulnerability warning - the black bar safety net
US security researchers found that the ASUS RT wireless routers' download and update service runs over the unencrypted HTTP protocol and thus may be subject to MiTM attacks. Security researcher Longenecker pointed out in his blog that the ASUS RT series routers only according to a relatively simple...
Instagram Mobile App Issue Leads to Account Hijacking Vulnerability
In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against...
mRemote 1.50 Update Spoofing Vulnerability
mRemote version 1.50 suffers from an update spoofing vulnerability. Update Spoofing Vulnerability in mRemote 1.50. Author: Janek Vind "waraxe"; Date: 29. March 2013; Location: Estonia, Tartu; Web:...
Design/Logic Flaw
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...
Design/Logic Flaw
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...
CVE-2009-0144
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...
Design/Logic Flaw
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network...
CVE-2007-1169
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network...
CVE-2007-1169
CVE-2007-1169 affects Trend Micro ServerProtect for Linux (SPLX) versions 1.25, 1.3, and 2.5 prior to 20070216. The web interface accepts logon requests over unencrypted HTTP, which could allow remote attackers to obtain user credentials by sniffing network traffic. This is the only vulnerability...
DUO-PSA-2020-003: Duo Product Security Advisory
Duo Product Security Advisory. Advisory ID: DUO-PSA-2020-003; Publication Date: 2020-06-30; Revision Date: 2020-06-30; Status: Confirmed, Fixed; Document Revision: 2. Overview: Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations. If...