CVE-2024-54147

The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...

PT-2024-36071 · Altair · Altair Graphql Client

Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5 Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...

CVE-2023-6058 HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for...

How to retrieve the keystore password needed to renew the HTTPS internal XenMobile SSL certificate

The internal SSL certificate has expired and Mobile Device Management MDM administrator does not remember the keystore password to renew the HTTPS certificate https.p12...

CVE-2024-1873

CVE-2024-1873 affects parisneo/lollms-webui (version a9d16b0) via an exposed /select_database endpoint that mishandles file paths when interacting with the DiscussionsDB, enabling path traversal and potential denial of service. Attackers can specify absolute paths to create directories anywhere t...

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Overview In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue CWE-288 and has a CVSS...

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible Rapid7 Analysis Overview CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue CWE-22 and has a CVSS base score ...

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...

Design/Logic Flaw

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVE-2021-1276

Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Administrative...

Waiting, Waiting, Waiting... Is There a Right Time for Breach Notification?

Recently, a popular online retailer revealed a month-long data breach. Card-skimming code was found capturing customer credit card data from the payment page of its website and sending that data to what appeared to be a legitimate server with a similar domain name and a valid HTTPS certificate. T...

CVE-2017-10620

Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...

Gratipay: Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain

Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...

Automating Phishing Activities: PhishLulz

Automating Phishing Activities PhishLulz is a Ruby toolset aimed at automating Phishing activities When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are:...

AVTECH video surveillance equipment authentication bypass and other vulnerabilities

Authentication bypass vulnerability There are two ways to achieve authentication bypass: The first one is. cab way, the cab file format is a video player plug-in, stored in the web root directory, it may need to verify directly be accessed and downloaded, and the device end only through the strst...

Gratipay: Hijacking user session by forcing the use of invalid HTTPs Certificate on images.gratipay.com

I found that the domain images.gratipay.com is just a reverse proxy for gratipay.com and HTTPS works throughtout the site flawlessly except in one case, that it when we try to open user's profile: POC: https://images.gratipay.com/asdlfz/ Https Warning Page: http://i.imgur.com/XHsXJEvr.png?1 Risks...

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)

This update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 PEP466 - HTTPS certificate validation enabled by default PEP476 - SSLv3...

MGASA-2015-0091 Updated python packages fix CVE-2014-9365

Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...

Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net

0x0 Preface Last year 1 0 mid-May, Tencent Security Center in the daily terminal Safety audits found that, in the Android platform used in https communication of app the vast majority of are not safe to use the google API, a direct result of https communication of sensitive information leakage ev...