27 matches found
MiracleLinux 4 : rh-postgresql94-postgresql-9.4.12-1.AXS4 (AXSA:2017-1728:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1728:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll ne...
EUVD-2016-7554
Malware in sbrugna...
EUVD-2020-26152
Malware in sbrugna...
EUVD-2024-17257
Malicious code in bioql PyPI...
EUVD-2021-2915
Malicious code in bioql PyPI...
mitmf
This is a Python-based framework for Man-In-The-Middle (MITM) attacks, called MITMf. It is designed to provide a one-stop-shop for various network attacks and techniques. The framework contains a built-in SMB, HTTP, and DNS server that can be controlled and used by various plugins. It also includes...
CVE-2024-1509 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks...
CVE-2024-1509
CVE-2024-1509 affects Brocade ASCG prior to version 3.2.0, where the web interface does not enforce HTTP Strict Transport Security (HSTS) for ports 8030 and 8100. Root cause: missing HSTS enforcement increases susceptibility to downgrade and SSL-stripping MITM attacks and weakens cookie-hijacking...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor (pronounced /ˈzɛfə/, zephyr) is a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP requests and/or HTTP responses in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...
Design/Logic Flaw
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade...
CVE-2021-0296
The CVE-2021-0296 entry concerns Juniper Networks CTPView server not enforcing HTTP Strict Transport Security (HSTS). Affected versions are Juniper CTPView 7.3 before 7.3R7 and 9.1 before 9.1R3. Root cause: lack of HSTS header enforcement, which can enable downgrade attacks, SSL-stripping MITM, a...
Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks ...
CVE-2020-4905
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information...
Information disclosure
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information...
CVE-2020-4905
CVE-2020-4905 affects IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4. The root cause is a man‑in‑the‑middle vulnerability enabling SSL stripping, which could allow a remote attacker to obtain sensitive information, impacting confidentiality. Public references in conn...
Web Pen-Test Practice Application: OWASP Mutillidae
OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...
CVE-2016-6650
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system...