3272 matches found

Prion
added 2021/08/02 11:15 a.m. | 15 views

Design/Logic Flaw

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2, an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is sent to t...

CVSS 4 | AI score 4.7 | EPSS 0.0026
Exploits 0 | References 2 | Affected Software 4

CNNVD
added 2021/08/02 12:0 a.m. | 3 views

MB CONNECT LINE mbCONNECT24 Security Vulnerability

Mb Connect Line MB CONNECT LINE mbCONNECT24 is a set of remote service portals from Mb Connect Line, Germany. The product supports remote access, data logging and alarming. A security vulnerability exists in MB CONNECT LINE mbCONNECT24, which originates in MB Connect Line mbCONNECT24, mbCONNECT24...

CVSS 4.3 | AI score 5.3 | EPSS 0.0026
Exploits 0 | References 3

BDU FSTEC
added 2021/07/29 12:0 a.m. | 2 views

The vulnerability in the firmware of the Rubetek RV-3406, RV-3409, and RV-3411 Wi-Fi cameras lies in the lack of protection for transmitted data, allowing intruders to intercept and modify video data from the cameras.

The vulnerability in the firmware of the Rubetek RV-3406, RV-3409, and RV-3411 Wi-Fi cameras lies in the lack of protection for transmitted data. Exploiting this vulnerability could allow a remote attacker to intercept and modify video data from the cameras...

CVSS 8.1 | AI score 7.5 | EPSS 0.00222
Exploits 0 | References 5 | Affected Software 3

OSV
added 2021/07/26 12:15 p.m. | 2 views

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

CVSS 7.5 | AI score 7.1
Exploits 0 | References 2

NVD
added 2021/07/26 12:15 p.m. | 11 views

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

CVSS 7.5 | EPSS 0.00091
Exploits 0 | References 2

Prion
added 2021/07/26 12:15 p.m. | 16 views

Design/Logic Flaw

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

CVSS 5 | AI score 7.5 | EPSS 0.00091
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/07/26 11:31 a.m. | 11 views

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

AI score 7.6 | EPSS 0.00091
Exploits 0 | References 2

CVE
added 2021/07/26 11:31 a.m. | 43 views

CVE-2020-12681

The CVE-2020-12681 issue affects 3xLogic Infinias eIDC32 devices (through version 3.4.125). Root cause: missing TLS certificate validation, enabling an attacker to intercept or control the channel used to apply door lock policies. Impact, as stated, is the interception/control of policy applicati...

CVSS 7.5 | AI score 7.5 | EPSS 0.00091
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2021/07/26 12:0 a.m. | 3 views

3xlogic 3xLogic Infinias eIDC32 Trust Management Issue Vulnerability

The 3xlogic 3xLogic Infinias eIDC32 is an access control controller from 3xLogic 3xlogic USA. A security vulnerability exists in the 3xLogic Infinias eIDC32, which allows an attacker to exploit the vulnerability to intercept channels that control the application of door locking policies...

CVSS 7.5 | AI score 7.4 | EPSS 0.00091
Exploits 0 | References 3

Hacker One
added 2021/07/15 8:36 a.m. | 20 views

U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`

Hey DoD security team! I was able to exploit an SQL injection 1 in one of your domains. Description An SQL injection 1 was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statement followed by an INT value. The vulnerable parameter...

AI score 0.1
Exploits 0

Hacker One
added 2021/07/15 3:33 a.m. | 318 views

Shopify: Theme editor `oseid` parameter is leaked to third-party services through the `Referer` header which leads to some kind of storefront password bypass.

Hello Shopify, Summary While reading @danishalkatiri's report 997350, I remembered a report that @francisbeaudoin shared with me some time ago (mid-February 2021) about leaking the theme editor oseid parameter and being able to exploit it to a point where he was able to somewhat bypass the storefron...

AI score 7.2
Exploits 0

BDU FSTEC
added 2021/07/15 12:0 a.m. | 1 view

The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of web pages, allows attackers to intercept administrator or user sessions of web resources.

The vulnerability of the Pmitest server of the SAP NetWeaver software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of administrators or...

CVSS 5.9 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2021/07/15 12:0 a.m. | 1 view

The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of the web page, allows a hacker to intercept the session of administrators or users of web resources.

The vulnerability of the Ecatt server, a software integration platform for SAP NetWeaver, is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of...

CVSS 5.9 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2021/07/15 12:0 a.m. | 2 views

The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of the web page, allows a hacker to intercept the session of administrators or users of web resources.

The vulnerability of the MDT software integration platform for SAP NetWeaver is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of an administrator or user of the w...

CVSS 5.9 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2021/07/15 12:0 a.m. | 6 views

The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. This allows attackers to intercept the session of administrators or users of the web resources.

The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to intercept administrator or user sessions on the web resources, using specially crafted POST/GET...

CVSS 6.8 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2021/07/15 12:0 a.m. | 1 view

The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of the web page, allows a hacker to intercept the session of administrators or users of web resources.

The vulnerability of the ProxyServer server of the SAP NetWeaver software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of administrators ...

CVSS 5.9 | AI score 5.5
Exploits 0 | Affected Software 1

The Hacker News
added 2021/07/14 12:58 p.m. | 46 views

16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira A Coruña, Madrid, Parla and...

AI score 0.2
Exploits 0

NVD
added 2021/07/12 2:15 p.m. | 9 views

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

CVSS 4.3 | EPSS 0.00131
Exploits 0 | References 1

Prion
added 2021/07/12 2:15 p.m. | 13 views

Design/Logic Flaw

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

CVSS 4.3 | AI score 4.3 | EPSS 0.00131
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2021/07/12 12:0 a.m. | 2 views

Devolutions Server Trust Management Issue Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server that originates in Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20 that intercepts...

CVSS 4.3 | AI score 5.1 | EPSS 0.00131
Exploits 0 | References 1