Lucene search
K

174 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.24 views

MikroTik RouterOS Improper Certificate Validation (CVE-2018-10066)

An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network fo...

8.1CVSS7.3AI score0.01049EPSS
Exploits1References2
Prion
Prion
added 2023/08/24 7:15 p.m.17 views

Design/Logic Flaw

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security TLS in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can...

4CVSS7.3AI score0.00245EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/21 12:0 a.m.19 views

openSUSE 15 Security Update : python-mitmproxy (openSUSE-SU-2023:0232-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0232-1 advisory. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP...

9.8CVSS8AI score0.01176EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/21 12:0 a.m.18 views

openSUSE 15 Security Update : python-mitmproxy (openSUSE-SU-2023:0233-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0233-1 advisory. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP...

9.8CVSS8AI score0.01176EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/07/10 9:27 a.m.26 views

CVE-2023-3272

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted...

7.5CVSS7.5AI score0.00441EPSS
Exploits0References3
Prion
Prion
added 2023/06/23 8:15 a.m.14 views

Input validation

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view o...

3.2CVSS3.9AI score0.00249EPSS
Exploits0References1Affected Software45
Huntr
Huntr
added 2023/06/09 9:0 a.m.4 views

Serious Security Vulnerability Discovered in Promotion

Description I am writing to report a serious security vulnerability that we have uncovered. Specifically, we have found that promotions applied to certain client groups are still being honored even after the promotions are no longer applicable to those groups. This means that attackers can...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.13 views

PT-2023-24674 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo affected versions not specified Description: The issue concerns some Avo fields being vulnerable to Cross Site Scripting XSS when rendering HTML-based content. Attackers need form edit privilege to exploit this vulnerability, but the...

7.3CVSS6AI score0.00563EPSS
Exploits1References10
Prion
Prion
added 2023/04/18 10:15 p.m.19 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

2.4CVSS6AI score0.00197EPSS
Exploits0References1Affected Software1
Huntr
Huntr
added 2023/02/22 3:1 a.m.37 views

Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion

Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...

5.5CVSS5.5AI score0.0075EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/08 12:21 p.m.16 views

Privilege Escalation in the Cockpit CMS

Description Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin" becoming the application's administrator. Proof of Concept poc:...

6.5CVSS8.6AI score0.00344EPSS
Exploits1
Prion
Prion
added 2022/12/14 1:15 a.m.20 views

Default credentials

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

4CVSS6.6AI score0.00468EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/09/28 7:24 p.m.11 views

Slack: Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links

A vulnerability was found in Slack that allowed experienced researchers to utilize an intercepting proxy to manipulate invite links and join an arbitrary workspace without admin approval. The issue was fixed immediately and no customers were impacted...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2022/09/03 6:59 p.m.20 views

U.S. Dept Of Defense: Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"

Hi Hackerone Triage team, I'm new in this program, what i understood that every Web Owned/Operated by DoD is in scope , so i did some google searches , exactly in wikipedia and i've find this PNG that confirms that U.S Air Force is in scope :...

7.4AI score
Exploits0
Veracode
Veracode
added 2022/07/26 3:27 a.m.23 views

Authorization Bypass

drupal7 is vulnerable to authorization bypass. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles...

9.8CVSS8.5AI score0.00545EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/06/03 6:15 p.m.26 views

CVE-2022-26493

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS0.00545EPSS
Exploits0References1
Prion
Prion
added 2022/06/03 6:15 p.m.27 views

Authorization

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

6.5CVSS8.8AI score0.00545EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/26 4:15 p.m.4 views

DEBIAN-CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

6.7CVSS7AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2022/03/21 7:15 p.m.43 views

CVE-2022-24766

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS0.01582EPSS
Exploits0References3
OSV
OSV
added 2022/03/21 7:15 p.m.22 views

PYSEC-2022-170

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS9.3AI score0.01582EPSS
Exploits0References3
Rows per page
Query Builder