Crafty Web Skimming Domain Spoofs “https”
Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new...
WAGO e!Cockpit Network Communication Plaintext Transfer Vulnerability
Cockpit is an interactive server management interface. A network communications plaintext transfer vulnerability exists in WAGO e!Cockpit, which can be exploited by an attacker to intercept, interpret, and manipulate data from or to e...
The vulnerability of the web interface of Belden Hirschmann’s network switch models RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS allows an intruder to gain unauthorized access and intercept web sessions.
The vulnerability of Belden Hirschmann’s network switch web interfaces for model series RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS is related to improper session management. Exploiting this vulnerability can allow an attacker to gain unauthorized access and intercept web sessions...
CVE-2019-5107
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
Design/Logic Flaw
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
CVE-2019-9095
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...
Design/Logic Flaw
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...
CVE-2019-9095
CVE-2019-9095 affects Moxa MGate MB31xx/MB32xx/MB36xx/MB3180 gateways. The vulnerability arises from use of a broken or risky cryptographic algorithm that may allow an attacker to intercept weakly encrypted passwords and gain administrative access. Affected firmware versions include MB3170/MB3270...
CVE-2019-5107
CVE-2019-5107 affects WAGO e!Cockpit 1.5.1.1. TALOS details a network cleartext transmission vulnerability where data, including passwords and configurations, can be intercepted, interpreted, and manipulated over unencrypted network traffic between GatewayService and PLC devices. CVSSv3 score is ...
Design/Logic Flaw
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable...
CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...
Webshell Bypass Vulnerability in Web Security Dog Apache Edition (CNVD-2020-23226)
Website Security Dog APACHE Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection functions to fully protect website security. Webshell bypass vulnerability exists in Website Security Dog Apache Edition, which can ...
Man-in-the-Middle (MitM)
jwebunit is vulnerable to man-in-the-middle attacks. The package uses an insecure HTTP channel to resolve package dependencies, allowing an attacker to intercept and modify network traffic or introduce malicious code into the resolved package...
Mac adware is more sophisticated and dangerous than traditional Mac malware
As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows...
Webshell Bypass Vulnerability in Web Security Dog (Apache Edition)
Website Security Dog APACHE Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection functions to fully protect website security. Website Security Dog Apache Edition has a webshell bypass vulnerability that can be...
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...
Man-in-the-Middle (MitM)
jcommander is vulnerable to man-in-the-middle attacks. The usage of an insecure HTTP channel during build allows an attacker to intercept and modify network traffic and introduce malicious code into the third-party component...
Forcepoint WebSecurity 8.5 Cross Site Scripting
Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...
Code injection
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets...