3270 matches found
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...
Design/Logic Flaw
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...
FAST or Burp or both?
By @aLLy, Wallarm Research. Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...
Authentication flaw
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...
CVE-2018-7958
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...
CVE-2018-7959
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak...
CVE-2018-7960
CVE-2018-7960 corresponds to a SRTP icon display vulnerability in Huawei eSpace products. The issue allows an unauthenticated, remote attacker to perform a man-in-the-middle attack on non-secure transmission, potentially intercepting and tampering with call information and causing sensitive infor...
CVE-2018-7960
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensiti...
CVE-2018-7959
CVE-2018-7959 affects Huawei eSpace. An unauthenticated, remote attacker can perform a man-in-the-middle attack when SRTP is enabled to make a call, intercepting and decrypting call information and potentially leaking sensitive data. The root cause is a short key vulnerability in the SRTP handlin...
Mac OS X libxpc MITM Privilege Escalation
This module exploits a vulnerability in libxpc on macOS <= 10.13.3. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with...
Security Advisory - Two Vulnerabilities in Huawei eSpace Product
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. Vulnerability I...
GHSA-Q257-VV4P-FG92 Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...
Brocade Fabric OS Session ID Interception and Manipulation Vulnerability
Fabric OS is the firmware for Brocade Communications Systems' Fibre Channel switches and Fibre Channel controllers. A session ID interception and manipulation vulnerability exists in the Web management interface of Brocade Fabric OS prior to 8.2.1, 8.1.2f, 8.0.2f, and 7.4.2d. An attacker could us...
CVE-2018-6434
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID...
CVE-2018-6434
The CVE-2018-6434 issue affects Brocade Fabric OS WebGui where the session ID could be intercepted or manipulated via the web management interface on Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, or 7.4.2d. Root cause: insecure handling of session identifiers. Impact per documented sources: po...
Transparent Tor for Windows: Tallow
Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...
Memory Man in the Middle: MemITM
The MemITM Mem In The Middle tool has been developed in order to easily intercept “messages” in Windows processes memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them to...
CVE-2018-9458
In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional executio...