3270 matches found
File restriction bypass in socket.io-file
Overview: All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file type. Recommendation: No...
Vulnerability fixed in Dell SonicWall
A vulnerability has been fixed in Dell SonicWall. It involves a domain name collision vulnerability. The web interface of SonicWall makes it possible for an attacker to obtain information about domain names used on an organization's internal network. The attacker can register a foun...
ibus: missing authorization allows local attacker to access the input bus of another user
A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface...
CS Money: Application DOS via specially crafted payload on 3d.cs.money
Summary: Hello Team, While testing it was observed that on 3d.cs.money a DOS is possible via specially crafted request using only single request from single machine on search bar. Though I am aware of the Out of Scope policy "Any activity that could lead to the disruption of our service DoS", thi...
CVE-2020-25748
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras firmware versions v342, v339. Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP...
Design/Logic Flaw
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras firmware versions v342, v339. Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP...
CVE-2020-25748
Technical details such as exact vulnerable components, affected firmware versions beyond v342/v339, exploitation vectors, and official remediation steps are not publicly provided in the supplied documents. Monitor for updates from official sources for confirmed specifics and fixes.
CVE-2020-9770
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic. Mitigation: Bluetooth Low Energy can be disabled altogether if it is not required, using the...
USN-4531-1 busybox vulnerability
It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
Speed 2 – The Poseidon Adventure – Part Two
This post is a companion to the DEF CON 28 video available here. Part One is available here. Issue 3: Time and Tide Wait for No VLAN. As mentioned the cabin switch appeared to be the key to all our access requirements. From that we could get to the trunk network, and all those TV, VOIP, and Wi-Fi...
CVE-2020-6781
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack...
Input validation
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack...
CVE-2020-6781
CVE-2020-6781 affects the Bosch Smart Home System App for iOS prior to version 9.17.1, where improper certificate validation in certain connections could allow an attacker to perform a man-in-the-middle attack and intercept video contents. Root cause: insufficient validation of TLS certificates i...
HackerOne: Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation
Summary: Hacker can bypass minimum bounty amount restrictions in invitation preferences due to trusted client-side input to UpdateInvitationPreferencesMutation GraphQL operation Description: The new "Bounty Preferences" feature at https://hackerone.com/settings/preferences allows the hacker to se...
DEBIAN-CVE-2020-13920
Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...
PT-2020-13781 · Apache +2 · Apache Activemq +2
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.12. Description: The issue allows an attacker to connect to the JMX RMI registry without authentication and rebind the jmxrmi entry. By creating a proxy server, an attacker can intercept user credentials...
CVE-2020-13920
CVE-2020-13920 affects Apache ActiveMQ through a JMX RMI registry authentication flaw. An unauthenticated client can bind a proxy to the jmxrmi entry, enabling MITM-style interception of credentials when users connect. Affected guidance: upgrade to a fixed ActiveMQ release (initial advisory cites...
CVE-2020-15791
A vulnerability has been identified in SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 CPU family incl. SIPLUS variants All versions, SIMATIC WinAC RTX F 2010 All versions, SINUMERIK 840D sl All versions. The authentication protocol between a...
Improper Password Protection During Authentication Vulnerability in Multiple Siemens Products
The Siemens SIMATIC S7-300 CPU is a modular general-purpose controller for the manufacturing industry from Siemens. Products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. A security vulnerability exists in several Siemens products. An...