EUVD-2026-32296
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the skbuff may be shared with a packet sniffer, which would lead to...
Linux Distros Unpatched Vulnerability : CVE-2026-46000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however...
libpcap 1.10.6
Libpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump...
Finding Phones Fast: Low-Latency and Scalable Monitoring of Cellular Communications in Sensitive Areas
The widespread availability of cellular devices introduces new threat vectors that allow users or attackers to bypass security policies and physical barriers and bring unauthorized devices into sensitive areas. These threats can arise from user non-compliance or deliberate actions aimed at data...
Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34...
What is IP sniffing?
IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network. IP sniffers intercept the...
Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware
We all know how convenient it is to use tools like Sentry or Datadog for JavaScript event monitoring. They allow you to catch errors in real time, organize and manage the issue resolution process, and genuinely shift operations left to developers. But Wallarm security experts warn of dangerous patterns ...
Sifchain: HTTPS not enforced at dex.sifchain.finance
Hi. Requests using non-secured HTTP are not automatically upgraded to HTTPS. The impact of this is that an attacker can launch a MITM attack and steal users' information. Impact: Data sent over HTTP is being transmitted in plain, sniffers can see it, edit it, poison ads, know what contents being...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online...
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code
In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites. Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialized in secretly implanting a special piece...
Eastern Presentation Society APP has information leakage vulnerability
East Presentation Club APP is a hotel booking platform. An information disclosure vulnerability exists in the Dongcheng Club APP. It allows attackers to utilize a packet grabber tool to traverse the Key field to obtain sensitive information about other users...
FanDuel: Passive mixed content issues on the site https://*.fanduel.com
Hello. Summary: While browsing the sites https://www.fanduel.com and https://subscriptionapi.fanduel.com found a mixed content error on the site with HTTPS. This error is located at https://www.fanduel.com/press and https://subscriptionapi.fanduel.com/press. Images are uploaded to the site via HTT...
[Bugtroid] Pentesting for Android
Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main feature of this APK is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its smartphone or tablet. It has a menu categorized according to the nature of the tool may find:...