3272 matches found
CVE-2021-35034
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...
CVE-2021-35034
Zyxel NBG6604 firmware CGI program has an insufficient session expiration vulnerability that can let a remote attacker access the device if the correct token is intercepted. Impact is unauthorized access via the network; exploitation is network-based with no user interaction. No explicit remediat...
Vulnerability found in Moxa MGate
A vulnerability has been found in Moxa MGate. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data. The vulnerable Moxa MGate series have vulnerable firmware that makes it possible for an attacker to intercept the traffic and then decrypt the login...
Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) web server module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
The vulnerability of MasterCard, Visa, and American Express payment services lies in the insufficient authorization of ARQC cryptographic algorithms generated by Apple Pay, Samsung Pay, and GPay mobile wallets. This allows attackers to use AAC cryptographic algorithms on payment services, thereby enabling them to intercept transactions when the wallet or payment terminal decides to reject a transaction.
The vulnerability of MasterCard, Visa, and American Express tokenization services is related to the insufficient authorization of ARQC cryptographic keys generated by Apple Pay, Samsung Pay, and GPay mobile wallets. Exploiting this vulnerability could allow attackers to use AAC cryptographic keys...
Cloudflare Public Bug Bounty: Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
The Email Routing feature enables Cloudflare users to create any number of custom email addresses and route all incoming messages to the user's preferred inboxes. Due to a bug in zone ownership verification, it was possible to configure Email Routing to redirect e-mail messages for an unverified...
CVE-2020-10627
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...
Authentication flaw
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
New vulnerabilities allowed attackers to intercept Zoom meetings
By Waqas. These critical security vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. This is a post from HackRead.com. Read the original post: New vulnerabilities allowed attackers to intercept Zoom meetings...
The vulnerability of the KrServerBDdemoRT.exe software module of the SCADA system “KRUG-2000” arises from the failure to encrypt critical information. This vulnerability allows attackers to intercept technological data.
The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” is related to the lack of measures taken to encrypt critical information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept technological data...
CVE-2020-23900
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b...
WildBit Viewer buffer error vulnerability
WildBit Viewer is a compact image viewer with slide show and editor. A buffer overflow vulnerability exists in Editor!TMethodImplementationIntercept+0x53f6c3 in WildBit Viewer version 6.6, which can be exploited by an attacker to cause a denial of service via a specially crafted psd file...
IBM QRadar Network Security security vulnerability
IBM QRadar Network Security is a network security manager from IBM USA, Inc. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A security...
CVE-2021-29753
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
Authentication flaw
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...