3270 matches found
CVE-2020-27650
Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
bettercap-proxy-modules
This is a collection of HTTP proxy modules for the BetterCap framework, a tool for performing network attacks and penetration testing. The modules are designed to be used with the BetterCap proxy server, which can be configured to intercept and modify HTTP traffic between a client and a server. T...
Design/Logic Flaw
This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action...
CVE-2019-8645
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...
Code injection
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...
CVE-2019-8901
CVE-2019-8901 affects iOS/iPadOS via the Shortcuts “Run script over SSH” flow. The root cause is improper host-key verification when connecting to a previously known SSH server, enabling an attacker in a privileged network position to intercept SSH traffic. Apple fixes are in iOS 13.1 and iPadOS ...
CVE-2019-8901
This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action...
MariaDB: Named pipe connection interception
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
The vulnerability of the BI Workspace module of the SAP BusinessObjects Business Intelligence platform allows a hacker to elevate their privileges by intercepting sessions or exposing protected information.
The vulnerability of the BI Workspace module of the SAP BusinessObjects Business Intelligence platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to elevate their privileges by intercepting sessions or disclose...
CVE-2020-7196
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdcadminpassword in the source file of the u...
Shopify: Customer's full name disclosure via Shopify Chat (by email lookup)
By making use of the Shopify Chat Application, it is possible to retrieve a customer's First Name and Last Name by providing their email. Steps to reproduce: 1. Having a shop with Shopify Chat installed, open up https://shop.myshopify.com/?chat in Incognito mode 2. Click on I need an update on my orde...
Shopify: Order lookup features of Shopify Chat Application leads to customer orders enumeration due to lack of user input validation
It came to my attention that the Shopify Chat application allows a customer to retrieve its order status by only providing the order email and number. Noticing that it results in being provided the order status page link, I started playing a bit with both parameters and I found out that it is...
CVE-2020-27606
BigBlueButton before 2.2.28 or earlier does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
Session fixation
BigBlueButton before 2.2.28 or earlier does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2020-26896
Prior to 0.11.0-beta, LND Lightning Network Daemon had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
The vulnerability of the TrueConf Server software lies in the lack of a mechanism to terminate the user’s access session, allowing attackers to intercept the user’s session.
The vulnerability of the TrueConf Server software is related to the absence of a mechanism to terminate the user’s access session. Exploiting this vulnerability could allow a malicious actor to intercept the user’s session...
UBUNTU-CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Default credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...
Authorization Bypass
socket.io-file is vulnerable to authorization bypass. The validation for valid file types happens on the client-side and allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types...