
26 matches found

RedhatCVE
added 2026/01/09 8:57 a.m. | 3 views

CVE-2023-4537

The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

7.4 CVSS | 7.4 AI score | 0.00113 EPSS
Exploits 0 | References 1

Veracode
added 2025/12/13 7:57 a.m. | 3 views

Man-In-The-Middle (MITM) Attack

MQTT is vulnerable to a Man-in-the-Middle (MITM) attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...

7.4 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-1419

Malware in sbrugna...

7.5 CVSS | 7.4 AI score | 0.00341 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-38510

Malicious code in bioql PyPI...

5.4 CVSS | 5.3 AI score | 0.00157 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-33928

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00291 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2024/11/20 12:0 a.m. | 3 views

Cross-Site WebSocket Hijacking

HTML5 WebSockets allow developers to create bidirectional communication channels between clients (usually web browsers) and servers. To initialize the communication, the WebSocket protocol requires a handshake performed with the HTTP protocol to upgrade the communication. When a web application...

7.4 AI score
Exploits 0 | References 2

CNNVD
added 2023/01/05 12:0 a.m. | 2 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that stems from the fact that the communication between its client FOXMAN-UN User Interface and server application FOXMAN-UN Core partially uses CORBA...

9.8 CVSS | 8.3 AI score | 0.00261 EPSS
Exploits 0 | References 4

CVE
added 2022/07/29 5:0 p.m. | 61 views

CVE-2022-35629

Velociraptor vulnerability CVE-2022-35629 arises from a bug in client–server message handling, allowing a registered client to send messages that claim to originate from another client ID. The issue was fixed in Velociraptor version 0.6.5-2. Remediation: upgrade to 0.6.5-2 or later to close the i...

5.4 CVSS | 5.5 AI score | 0.00157 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/06/24 8:15 a.m. | 2 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1

ATTACKERKB
added 2022/06/23 10:0 a.m. | 1 view

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

7.5 CVSS | 5.3 AI score | 0.00276 EPSS
Exploits 0 | References 2 | Affected Software 12

OSV
added 2022/05/25 10:40 p.m. | 0 views

GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider

Description: The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

5.7 CVSS | 7.1 AI score | 0.00267 EPSS
Exploits 0 | References 5

CNNVD
added 2021/12/14 12:0 a.m. | 1 view

Siemens SINUMERIK Trust Management Issue Vulnerability

Siemens SINUMERIK Edge is a combination of hardware and software that provides a machine-oriented system platform for applications that facilitate digital production support and optimization. SINUMERIK Edge Certificate Improper Validation Vulnerability. Affected software does not properly validate...

7.4 CVSS | 5.7 AI score | 0.00136 EPSS
Exploits 0 | References 5

Ivan 'd0znpp' Novikov
added 2021/10/13 2:47 p.m. | 133 views

What is Graphql ❓ Definition with Example

Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...

7.1 AI score
Exploits 0

n0where
added 2017/01/10 2:34 a.m. | 139 views

Damn Vulnerable Web Sockets: DVWS

Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application. Requirements: In the...

1.1 AI score
Exploits 0 | References 3

RedHat Linux
added 2014/09/16 5:39 a.m. | 0 views

nss: Do not allow p-1 as a public DH value (MFSA 2014-12)

It was found that NSS accepted weak Diffie-Hellman Key Exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server...

4.3 CVSS | 6.7 AI score | 0.00528 EPSS
Exploits 1 | References 5

0day.today
added 2014/04/27 12:0 a.m. | 63 views

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC

This POC code overwrites EIP with "CCCCCCCC". About KCS Key: That key is used to obfuscate traffic between client and server. The key is generated during SEPM installation. We need that key to talk with the SEPM...

7.9 CVSS | 0.1 AI score | 0.02704 EPSS
Exploits 4

Prion
added 2013/10/03 11:4 a.m. | 9 views

Code injection

Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file...

7.8 CVSS | 6.7 AI score | 0.00375 EPSS
Exploits 0 | References 1 | Affected Software 1

Check Point Advisories
added 2013/05/06 12:0 a.m. | 0 views

OPC UA Create Session Response Command

...

7 AI score
Exploits 0

Tenable Nessus
added 2013/01/25 12:0 a.m. | 26 views

Scientific Linux Security Update : ipa on SL6.x i386/x86_64 (20130123)

A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server's Certificate Authority (CA) certificate to the client during a join, the IPA client enrollment process was susceptible to...

7.9 CVSS | 5.4 AI score | 0.00462 EPSS
Exploits 0 | References 2

Symantec
added 2009/08/26 8:0 a.m. | 19 views

Symantec Altiris Deployment Solution Multiple Vulnerabilities

SUMMARY: Symantec's Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS: Product | Versi...

9.3 CVSS | 0.7 AI score | 0.00662 EPSS
Exploits 0 | Affected Software 1