CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...

CVE-2023-39172

CVE-2023-39172 affects SENEC ENBW Legacy Storage Box series (V1, V2, V3). The root cause is that the devices transmit sensitive information unencrypted over the network, enabling a remote unauthenticated attacker to capture and modify traffic. The NVD entry assigns a CRITICAL CVSS v3.1 score (9.1...

CVE-2023-39172 SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic...

CVE-2023-37943

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...

K39512927: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933

Security Advisory Description CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcompprint. CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniperparseheader. CVE-2016-7930 The LLC/SNAP...

CVE-2021-42699

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account...

Vulnerability of the print-rsvp.c:rsvp_obj_print() utility for capturing and analyzing network traffic with tcpdump: This utility allows a intruder to gain unauthorized access to information and compromise its integrity and availability.

The vulnerability in the print-rsvp.c:rsvpobjprint utility for capturing and analyzing network traffic using tcpdump is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to information and compromise...

tcpdump buffer overflow vulnerability (CNVD-2019-41908)

tcpdump is a set of sniffing tools from Tcpdump team running under command line. The tool is mainly used for packet analysis and network traffic capture etc. tcpdump suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause a buffer overflow or heap overflo...

CVE-2018-4069

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

[Cuckoo Sandbox v0.6] Software for Automating Analysis of Suspicious Files

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment. Cuckoo generates a handful of different raw data which include: Native...