3272 matches found
CVE-2018-5152
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...
Siemens Siveillance VMS Video for Android and iOS Incorrect Certificate Validation Vulnerability
Siemens Siveillance VMS Video for Android is an Android-based video management software from Siemens, Germany. Siveillance VMS Video for iOS is an iOS-based version. A security vulnerability exists in Siveillance VMS Video prior to 12.1a 2018 R1 for Android-based platforms and Siveillance VMS Vid...
Moxa EDR-810 Weak Password Vulnerability
The Moxa EDR-810 is an industrial security router with firewall/NAT/VPN and managed Layer 2 switch functionality. It is designed for Ethernet-based security applications in remote control or monitoring networks. A weak password vulnerability exists in the web server functionality of the Moxa...
PortSwigger Web Security: burp does not validate the common name of the presented collaborator server certificate
Burp is not correctly validating the certificate presented by the collaborator server. It warns if it is a self-signed one, but if it is a legitimate one from any valid CA, it appears not to be checking the CN. This is an issue for the polling service, since it allows for the connection to be intercept...
Hacker Can Steal Data from Air-Gapped Computers through Power Lines
Do you think it is possible to extract data from a computer using its power cables? If not, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev—who mainly focus on finding clever ways to exfiltrate data from an isolated or air-gapped...
Secret Service Warns of Chip Card Scheme
The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When...
Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking
Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based...
Audi Travel App has a Brute-Force Vulnerability
Audi Travel App is a travel service software. The Audi Travel App is vulnerable to brute-force attacks. An attacker can log in to any user account and perform unauthorized operations by capturing packets and brute-forcing them...
Unspecified Vulnerability in TitanHQ WebTitan Gateway
TitanHQ WebTitan Gateway is a scalable web filtering appliance. The appliance is used to filter malware, ransomware botnets, malicious websites and more. A security vulnerability exists in TitanHQ WebTitan Gateway that stems from the program failing to properly validate certificates for the TLS...
CVE-2017-18227
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature...
Information disclosure
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature...
CVE-2017-18227
TitanHQ WebTitan Gateway has an incorrect certificate validation in its TLS interception feature, as described by CVE-2017-18227. The vulnerability relates to improper certificate handling within the TLS interception functionality of WebTitan Gateway. Connected documents corroborate the issue, bu...
New FlawedAmmyy RAT steals data and intercepts audio chat
By Waqas. The FlawedAmmyy RAT has been developed using the leaked source...
CMS Made Simple 2.1.6 Remote Code Execution
Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Version: 2.1.6 CVE: CVE-2018-7448 Tested on: Linux...
Free and Open Source Interactive HTTPS Proxy: mitmproxy
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...
CVE-2016-0351
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID:...
Vend VDP: Improper access control on adding a Register to an Outlet
Summary: User without permissions to add a Register to an Outlet can bypass this restriction and add a Register to an Outlet. Description: I do not know which permission exactly controls this action, I tested this against default Cashier role. User with default Cashier role has no permission to a...