24 matches found
CVE-2023-31594
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network...
EUVD-2017-12893
Malware in sbrugna...
EUVD-2023-35891
Malicious code in bioql PyPI...
Improper access control
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network...
CVE-2023-31594
CVE-2023-31594 affects IC Realtime ICIP-P2012T firmware 2.420. The issue is an Incorrect Access Control via an exposed HTTP channel (VLC-based) that can expose MJPEG/streaming content, leading to potential confidentiality impact (C:H, P: none). The CVSS3.1 base score is 7.5 (NETWORK, LOW attack c...
K84084843: NGINX Controller installer vulnerability CVE-2020-5911
Security Advisory Description: The NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems (CVE-2020-5911). Impact: A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge...
Wotop - Web On Top Of Any Protocol
WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which lets you pass arbitrary traffic possibly after ...
Information Disclosure
modperl is vulnerable to information disclosure. The secure flag for the JSESSIONIDSSO cookie is not set, causing the browsers to send cookies in an insecure HTTP channel...
Man-in-the-Middle (MitM)
lix is vulnerable to man-in-the-middle attack. Package downloads are allowed via an insecure HTTP channel after following the Location header redirects. This allows for an attacker in a privileged network position to intercept and modify a package installation and redirect the download to a...
Man-in-the-Middle (MitM)
apache gora is vulnerable to man-in-the-middle attacks. The package resolves dependencies via an insecure HTTP channel, allowing an attacker to intercept and modify package contents during a Maven build...
Man-in-the-Middle (MitM)
jwebunit is vulnerable to man-in-the-middle attacks. The package uses an insecure HTTP channel to resolve package dependencies, allowing an attacker to intercept and modify network traffic or introduce malicious code into the resolved package...
Man-in-the-Middle (MitM)
jcommander is vulnerable to man-in-the-middle attacks. The usage of an insecure HTTP channel during build allows an attacker to intercept and modify network traffic and introduce malicious code into the third-party component...
Man-in-the-Middle (MitM)
openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...
How to find and exploit deserialization vulnerabilities in .NET Remoting over HTTP - vulnerability warning - the black bar safety net
1. Overview: In a recent security assessment at NCC Group, I found a .NET v2.0 application that uses .NET Remoting over HTTP to send SOAP requests to communicate with another server. After decompiling the application, I realized that the server has TypeFilterLevel set to Full, this is very...
Unsafe Dependency Resolution
Overview: com.diffplug.spotless:spotless-eclipse-wtp is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel (HTTP). If the build occurred over an insecure connection, a malicious user could...
CVE-2017-3776
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information...
Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability
A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps, leaving them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle, which a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and...