dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails
A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to...
Debian DSA-4983-1 : neutron - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4983 advisory. Pavel Toporkov discovered a vulnerability in Neutron, the OpenStack virtual network service, which allowed a reconfiguration of dnsmasq via crafted...
CVE-2021-20375
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567...
CVE-2021-20375
CVE-2021-20375 affects IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0. The issue is improper access controls allowing an authenticated user to intercept and replace a message sent by another user. IBM’s remediation/patch guidance (per IBM Security Bulletin) provides fixes by product v...
IR615 Router Encryption Issue Vulnerability
The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router is vulnerable to an encryption issue that could be exploited by attackers to intercept communications and steal sensitive information or hijack sessions...
IBM Sterling File Gateway Authorization Issue Vulnerability
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners. IBM Sterling File Gateway versions 2.2.0.0-5.2.6.53, 6.0.0.0-6.0.3.4, 6.1 A data manipulation vulnerability...
PYSEC-2021-881
The FTL Server tibftlserver and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FT...
CVE-2020-20128
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers...
Information disclosure
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers...
Replaying / intercepting a password reset POST request can allow for valid username enumeration
Issue Summary: Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. Steps to Reproduce: Request a password reset email. Open the password reset mail and click the link to open your browser. Intercept the POST request of the...
The Rise of One-Time Password Interception Bots
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitor...
OESA-2021-1349 ansible security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
USN-5079-2 curl vulnerabilities
USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl woul...
Huawei EulerOS: Security Advisory for ibus (EulerOS-SA-2021-2383)
The remote host is missing an update for the Huawei EulerOS...
KLA12287 XSS vulnerability in Microsoft Dynamics
A cross-site scripting (XSS) vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to perform cross-site scripting attacks. Original advisories: CVE-2021-40440. Related products: Microsoft-Dynamics-365. CVE list: CVE-2021-40440 (unknown). KB list: 5006076, 5006075...
What is an Eavesdropping Attack? Definition, Types and Prevention
Eavesdropping can be defined as the act of quietly listening in on a conversation between other parties; although impolite, what harm could it really do? In practice, very little if someone is merely listening in on a conversation that happens to interest them...
Design/Logic Flaw
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTT...
CVE-2021-32076 Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTT...
SolarWinds Web Help Desk Security Vulnerability
Solarwinds Web Help Desk is a suite of help desk and asset management software from Solarwinds USA. The software supports features such as centralized knowledge base, IT asset management, project and task management. A security vulnerability exists in SolarWinds Web Help Desk 12.7.2, which can be...