Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

man-in-the-middle vulnerabilities and exploits

(subscribe to this query)

935
VMScore
CVE-2009-0465
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box...
Synactis All In The Box.ocx 3
668
VMScore
CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension....
I-man I-man 0.2I-man I-man 0.3I-man I-man 0.4I-man I-man 0.5I-man I-man 0.6I-man I-man 0.7I-man I-man 0.8I-man I-man 0.9
481
VMScore
CVE-2014-7421
The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....
Mytoursapp Revel In The Rideau Lakes 1.0.6
465
VMScore
CVE-2003-0124
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path...
Andries Brouwer Man 1.5h1Andries Brouwer Man 1.5iAndries Brouwer Man 1.5i2Andries Brouwer Man 1.5jAndries Brouwer Man 1.5k
465
VMScore
CVE-2003-0620
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to...
Andries Brouwer Man 2.3.18Andries Brouwer Man 2.3.19Andries Brouwer Man 2.3.20Andries Brouwer Man 2.4Andries Brouwer Man 2.4.1
383
VMScore
CVE-2018-17046
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js....
Translate Man Project Translate Man
445
VMScore
CVE-2018-14429
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI....
Man-cgi Project Man-cgi
725
VMScore
CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use....
Man-db Project Man-db
435
VMScore
CVE-2005-4435
Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information....
Abledesign D-man 3.0
465
VMScore
CVE-2003-0645
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges....
Andries Brouwer Man 2.3.20Andries Brouwer Man 2.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
wirelesstoodeequinn projecttype confusionCVE-2021-26857scratchpadCVE-2020-29020man-in-the-middleibmCVE-2021-26971CVE-2021-28032CVE-2021-21725CVE-2021-26855