
3272 matches found

CNVD
added 2018/06/15 12:0 a.m. · 1 view

qbs remote code execution vulnerability

qbs is a set of automated build tools that manage the process of building software projects across multiple platforms. A security vulnerability exists in qbs that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...

CVSS 9.3 · AI score 8.1 · EPSS 0.00735
Exploits 0 · References 1

CNVD
added 2018/06/15 12:0 a.m. · 2 views

libsbmlsim Remote Code Execution Vulnerability

libsbmlsim is a library for simulating SBML models containing ordinary differential equations. A security vulnerability exists in libsbmlsim that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...

CVSS 9.3 · AI score 8.1 · EPSS 0.00735
Exploits 0 · References 1

CNVD
added 2018/06/15 12:0 a.m. · 2 views

ANA App for iOS fails to validate SSL server certificate vulnerability

ANA App is an application. ANA App for iOS fails to validate SSL server certificates, which could be exploited by an attacker to obtain and/or alter the content of a communication...

CVSS 7.4 · AI score 6.8 · EPSS 0.0011
Exploits 0 · References 1

OSV
added 2018/06/11 9:29 p.m. · 6 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 7.5 · AI score 8.6
Exploits 0 · References 11

CVE
added 2018/06/11 9:0 p.m. · 157 views

CVE-2018-5152

CVE-2018-5152 affects Firefox before 60. WebExtensions with appropriate permissions can inject content scripts into sites like accounts.firefox.com and monitor traffic via webRequest, enabling interception during login and exposure of username and encrypted password. The issue is limited to the l...

CVSS 6.5 · AI score 6.3 · EPSS 0.00457
Exploits 0 · References 6 · Affected Software 1

exploitpack
added 2018/06/07 12:0 a.m. · 32 views

Monstra CMS 3.0.4 - Cross-Site Scripting (1)

Monstra CMS 3.0.4 - Cross-Site Scripting 1 Title: Monstra CMS www.target.com' url = input'Target : ' print' Required admin's PHPSESSID.' PHPSESSID = input'PHPSESSID : ' pagename = input'Pagename : ' script = input'Script : ' target = 'http://' + url + '/admin/index.php?id=pages&action=addpage'...

Exploits 0

Prion
added 2018/06/04 7:29 p.m. · 11 views

Design/Logic Flaw

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

CVSS 5 · AI score 7.3 · EPSS 0.00161
Exploits 0 · References 2 · Affected Software 1

NVD
added 2018/06/04 7:29 p.m. · 18 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

CVSS 7.5 · AI score 7.4 · EPSS 0.00161
Exploits 0 · References 2

CNVD
added 2018/06/04 12:0 a.m. · 1 view

Logic Design Vulnerability in LemHealth APP, a Smart Health Bracelet from Synerchip Technology

LemHealth APP is a health management software. A logical design vulnerability exists in the LemHealth APP, a smart health bracelet from Synergy Technology. An attacker can reset any password and perform unauthorized operations by catching packets and intercepting changes...

AI score 7
Exploits 0 · References 1

OSV
added 2018/06/01 6:29 p.m. · 1 view

CVE-2016-10582

closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...

CVSS 8.1 · AI score 6.3
Exploits 0 · References 1

Prion
added 2018/05/31 8:29 p.m. · 12 views

Hardcoded credentials

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

CVSS 4.3 · AI score 6.8 · EPSS 0.003
Exploits 0 · References 2 · Affected Software 1

OSV
added 2018/05/31 8:29 p.m. · 15 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

CVSS 5.9 · AI score 5.8
Exploits 0 · References 2

CVE
added 2018/05/31 8:0 p.m. · 51 views

CVE-2016-10530

CVE-2016-10530 affects the airbrake Node.js module (versions ≤ 0.3.8). It defaults to sending environment variables over HTTP, exposing secrets on privileged networks. This is explicitly described in multiple connected sources (Airbrake node advisory and CVE records). Impact is exposure...

CVSS 5.9 · AI score 5.5 · EPSS 0.003
Exploits 0 · References 2 · Affected Software 1

OSV
added 2018/05/29 8:29 p.m. · 2 views

CVE-2016-10566

install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...

CVSS 8.1 · AI score 6.3 · EPSS 0.00735
Exploits 0 · References 1

Prion
added 2018/05/29 8:29 p.m. · 11 views

Remote code execution

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

CVSS 9.3 · AI score 8 · EPSS 0.00735
Exploits 0 · References 1 · Affected Software 1

Apple
added 2018/05/29 12:0 a.m. · 67 views

About the security content of watchOS 4.3.1

About the security content of watchOS 4.3.1 This document describes the security content of watchOS 4.3.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 9.3 · AI score 0.5 · EPSS 0.89897
Exploits 46 · References 1 · Affected Software 1

Apple
added 2018/05/29 12:0 a.m. · 44 views

About the security content of iOS 11.4

About the security content of iOS 11.4 This document describes the security content of iOS 11.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

CVSS 9.3 · AI score 0.6 · EPSS 0.89897
Exploits 44 · References 1 · Affected Software 1

Debian
added 2018/05/25 9:2 p.m. · 22 views

[SECURITY] [DSA 4211-1] xdg-utils security update

Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...

CVSS 6.8 · AI score 2 · EPSS 0.01003
Exploits 0

OSV
added 2018/05/14 8:29 p.m. · 2 views

CVE-2017-12129

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them...

CVSS 8 · AI score 5.8 · EPSS 0.0008
Exploits 2 · References 1

Positive Technologies
added 2018/05/14 12:0 a.m. · 3 views

PT-2018-5370 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A weakness in cryptography for passwords exists in the web server functionality, allowing an attacker to intercept weakly encrypted passwords and potentially brute force them...

CVSS 8 · AI score 4.3 · EPSS 0.0008
Exploits 2 · References 2