3265 matches found
WebClientPrint Processor 2.0.15.109 TLS Validation Vulnerability
RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrit...
Design/Logic Flaw
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...
CVE-2017-1386
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...
CVE-2017-1386
CVE-2017-1386 affects IBM API Connect 5.0.0.0 (and related product versions) where a user could bypass password policy and create non‑compliant passwords that might be intercepted and decrypted via man‑in‑the‑middle techniques. The IBM Security Bulletin details affected ranges: API Connect 5.0.0....
CVE-2017-11743
MEDHOST Connex (CVE-2017-11743) contains a hard-coded Mirth Connect admin credential ($K8t1ng) used for customer management access. The admin password is plaintext and identical across all installations, created during Connex install, with no option for customers to change it. A remote attacker a...
CVE-2017-9491
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...
CVE-2017-9491
CVE-2017-9491 affects Comcast firmware on Cisco DPC3939, DPC3939B, DPC3941T, and Arris TG1682G devices. The underlying issue is that cookies used in the administration HTTPS session do not set the secure flag, so the cookies can be captured if session traffic is intercepted over HTTP. Th...
SSH MITM - SSH Man-In-The-Middle Tool
This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the victim's SSH client...
WordPress: Stored XSS via template injection
Hello Sir, I found Stored XSS in https://mercantile.wordpress.org/ POC is attached. Steps to reproduce: 1. Log in to your account. 2. Go to https://mercantile.wordpress.org/my-account/edit-address/ & fill details, press save & intercept this request in Burp Suite. 3. Change name to...
WakaTime: No rate limit when creating new goals [https://wakatime.com/goals]
Hi there, I was testing and found out that there's no rate limit on goals section https://wakatime.com/goals that means you can create multiple goals in a sec, which would lead to server crash since there's no limit per request that a user can make. I made at least 100 requests, and still got 200 ...
CVE-2015-5378
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server...
Avaya Patches Remote Code Execution Flaw in Aura
Internet telephony company Avaya has patched a high-severity vulnerability in its Aura Application Enablement Services product that put phone call and API data running through the server at risk for interception. Researchers at Digital Defense found a vulnerability where an attacker could, withou...
U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website
Summary: A web form in a .mil website doesn't implement restrictions against multiple failed attempts to place an ID in order to obtain users' information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...
Arbitrary User Registration Vulnerability in BBCBuilder E-Commerce System
BBCBuilder is a B2B2C e-commerce system developed by Yuanfeng Company in which platform self-operated stores and supplier stores coexist. Version 2.6.1 of the BBCBuilder e-commerce system contains an arbitrary user registration vulnerability that allows an attacker to...
A vulnerability in IBM Maximo Asset Management, an enterprise asset management system, allows an attacker to gain access to another user’s session.
A session identifier vulnerability in IBM Maximo Asset Management exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to intercept a session or gain access to another user’s...
Atlassian Hipchat for iOS Man-in-the-Middle Attack Vulnerability
Atlassian Hipchat for iOS is a suite of team chat tools for iOS from the Australian company Atlassian that supports group and 1-to-1 voice and video chat with screen sharing. A security vulnerability exists in Atlassian HipChat for iOS versions prior to 3.16.2. An attacker can exploit the...
Panda Mobile Security for iOS Man-in-the-Middle Attack Vulnerability
Panda Mobile Security for iOS is a mobile antivirus product for iOS developed by the Spanish company Panda Security. The product protects mobile networks from viruses, spyware, hackers and other Internet threats. A security vulnerability exists in version 1.1 of Panda Mobile Security for iOS. An...
CVE-2017-8058
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call...