EUVD-2015-0813

Malware in sbrugna...

Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates

...

Insecure Certificate Validation

aws-iot-device-sdk-v2 uses insecure certificate validation. Attackers are able to compromise certificate authorities in their trust stores on macOS, by spoofing DNS records to bypass CA pinning...

Insecure Certificate Validation

aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning...

Security feature bypass

The Network Location Awareness NLA service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows...

[LANs.py] Capture and inject traffic on LAN

Multithreaded asynchronous packet parsing/injecting arp spoofer. Individually arpspoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans ...

CVE-2004-0892

Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results...