142 matches found
CVE-2020-28190
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates...
Man-in-the-Middle (MitM)
moneta is vulnerable to man-in-the-middle attacks. The package resolves package dependencies via an insecure HTTP channel, allowing an attacker in the network to modify package contents during build...
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...
Man-in-the-Middle (MitM)
jwebunit is vulnerable to man-in-the-middle attacks. The package uses an insecure HTTP channel to resolve package dependencies, allowing an attacker to intercept and modify network traffic or introduce malicious code into the resolved package...
CVE-2019-14334
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...
CVE-2019-14336
CVE-2019-14336 affects D-Link 6600-AP and DWL-3600AP with firmware 4.2.0.14 Ax. The vulnerability enables post-authenticated dump of all configuration files via an insecure HTTP request to admin.cgi, leading to information disclosure. Multiple connected sources corroborate an authenticated access...
CVE-2019-4176
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...
CVE-2019-10248
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...
Popular Video Editing Software Website Hacked to Spread Banking Trojan
If you have downloaded the VSDC multimedia editing software between late February and late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video...
CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
Design/Logic Flaw
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files related to libpicsel, which allows MITM attacks...
CVE-2019-10251
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files related to libpicsel, which allows MITM attacks...
Design/Logic Flaw
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access to the user's account...
CVE-2017-16041
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks...
Design/Logic Flaw
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...
CVE-2017-8154
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...
CVE-2017-8154
The CVE-2017-8154 entry concerns Huawei/Honor devices (Themes App on Honor 8 Lite) with software versions prior to Prague-L31C576B172, Prague-L31C530B160, and Prague-L31C432B180. The underlying issue is an MITM vulnerability arising from the use of insecure HTTP to download themes, enabling an at...
Huawei Honor 8 Youth Man-in-the-Middle Attack Vulnerability
Huawei Honor 8 Youth is a smartphone device. A man-in-the-middle attack vulnerability exists in Huawei Honor 8 Youth Edition. Since the theme manager uses the insecure HTTP protocol to download certain theme packages, an attacker may exploit this vulnerability to corrupt the downloaded theme...
CoolMusicBox Upgrade Process Involves Arbitrary File Download Vulnerability
Coolmusic is a one-stop personalized music service platform that integrates music discovery, access and enjoyment. There is an arbitrary file download vulnerability in the update process of kwmusic, due to the use of insecure HTTP communication protocol to interact with the server, and did not...