Misys FusionCapital Opics Plus Information Disclosure Vulnerability

Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. A security vulnerability exists in Misys...

Google Updates CA Trust Mechanisms in Android Nougat

Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an...

Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker

As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body like smartwatch or fitness band, the threat to our personal data these devices collect has risen exponentially. A recent study from Binghamton University also suggests your...

The vulnerability of the Zyxel ZLD operating system allows a remote attacker to intercept network traffic.

The Zyxel ZyWALL USG 300 network interface card/mesh router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting traffic processed by this router through ARP spoofing attacks...

The vulnerability of the microprogrammed routing software of the D–Link DSR–1000 allows a malicious actor to intercept network traffic.

The microprogrammed software of the D-Link DSR-1000 router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting the traffic processed by this router through ARP spoofing attacks...

The vulnerability of the microprogrammed software of the D–Link DSR–250 router allows a malicious individual to intercept network traffic.

The microprogrammed software of the D-Link DSR-250 router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting the traffic processed by this router through ARP spoofing attacks...

The vulnerability of the microprogrammed logic controller Siemens Simatic S7-1200 allows a malicious actor to intercept communication sessions.

The software of the Siemens SIMATIC S7-1200 programmable logic controller contains a vulnerability in the random number generator integrated into the authentication handler of the web server. During operation, it is possible to intercept a communication session by adjusting the session identifier...

Vulnerability of Cisco ACE software, which allows a malicious actor to intercept sessions

The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...

Vulnerability of Cisco ASA software, allowing a malicious actor to intercept sessions

The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...

Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037

This module enables you to authenticate with Instagram's API via an intermediary service instagram.yanniboi.com. The module doesn't sufficiently advise that your authentication tokens could be intercepted. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in...

The vulnerability of Cisco IPS software allows a malicious actor to intercept sessions.

The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...

The vulnerability of Cisco PIX software allows a malicious actor to intercept sessions.

The vulnerability in the Cisco PIX Firewall allows a malicious actor to intercept a user’s VPN session...

The vulnerability of the Internet Explorer browser allows attackers to gain unauthorized access to transmitted data.

The Internet Explorer browser contains a vulnerability related to improper certificate reconciliation during a TLS session. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to data by intercepting the TLS connection that involves mutual authentication between the...

The vulnerability of the Cisco IOS operating system, which allows a remote attacker to intercept network traffic.

The Cisco IOS operating system does not perform ARP packet authentication, which allows for intercepting traffic processed by devices running this operating system through ARP spoofing attacks...

The vulnerability of the Cisco IOS operating system, which allows a malicious actor to trigger a “disconnection”

Cisco IOS software contains a vulnerability in the Open Shortest Path First OSPF and Routing Protocol Link State Advertisement LSA protocols. This vulnerability allows a malicious actor to send specially crafted OSPF packets, thereby causing a router to fail or intercept network traffic...

Slack: User can start call in a channel of an unpaid account

Found a super minor issue that allows a user to start a call in a channel of an unpaid account. Besides the minor financial incentive for an attacker, this doesn't have a super high impact. Wanted to let you know anyway since it's not possible through the UI by default. To reproce it, start by...

FantasyTote: Betting more than max amount

Hey Fantasytote, This is not really a security issue since this won't leak any data of other users or something like that but i still wanted to tell you this because there must be a reason you guys limit the max bet to 150 euro per bet. You can reproduce this issue by betting 150 euro, intercepti...

UBUNTU-CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

Apple Patches AirPort Remote Code Execution Flaw

Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware. Last night, Apple released an advisory warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was...