Bandit trusts client-supplied URI scheme on plaintext connections
Summary Bandit reflects the client-supplied URI scheme into conn.scheme without verifying the actual transport. Over a plaintext HTTP/1.1 connection or h2c, an unauthenticated attacker can send an absolute-form request target like GET https://victim/path HTTP/1.1 and the application observes...
EUVD-2009-2066
Malware in sbrugna...
EUVD-2016-5748
Malware in sbrugna...
EUVD-2008-0063
Malware in sbrugna...
EUVD-2013-1054
Malware in sbrugna...
EUVD-2010-3310
Malware in sbrugna...
EUVD-2012-3689
Malware in sbrugna...
EUVD-2009-2068
Malware in sbrugna...
EUVD-2022-3182
Malicious code in bioql PyPI...
EUVD-2022-2559
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-3742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows...
SUSE CVE-2010-3900
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...
CVE-2016-10125
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...
DEBIAN-CVE-2016-2113
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate...
CVE-2013-7397
Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...
NetNanny Found Using Shared Private Key, Root CA
An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MITM) attacks, HTTPS spoofing and intercept, researchers warned Monday. First released in 1995, the internet filtering service is primarily used by parents to control their children’s online...
NetNanny uses a shared private key and root CA
Overview NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...
Multiple SSL certificate authorities use predefined email addresses as proof of domain ownership
Overview Multiple SSL certificate authorities may issue certificates to a customer based solely on the control of certain email addresses. This may allow an attacker to obtain a valid SSL certificate to perform HTTPS spoofing without generating a warning in the client software. Description When a...
NSIS Inetc plug-in fails to validate SSL certificates
Overview The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports...
Adtrustmedia PrivDog fails to validate SSL certificates
Overview Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." PrivDog installs a Man-in-the-Middle (MITM) proxy as we...