5099 matches found
envoy/h1_capture_fuzz_test: NULL
Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=5674755374448640 Project: envoy Fuzzer: libFuzzer_envoy_h1_capture_fuzz_test Fuzz target binary: h1_capture_fuzz_test Job Type: libfuzzer_ubsan_envoy Platform Id: linux Crash Type: Null-dereference READ Cras...
Aircrack-ng 1.4 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
8x8: Hardcoded credentials in Android App
The mobile applications contained a URL that included credentials to a third party bug capture API. Access was restricted to pushing bug information...
EggShell - iOS/macOS/Linux Remote Administration Tool
EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shel...
Beijing Beifang Founder Electronics Company Limited Economic Reference News APP has information leakage vulnerability
Economic Reference News App is a news and information application. An information leakage vulnerability exists in the Economic Reference News APP of Beijing Beifang Founder Electronics Co. An attacker can register any account, reset any password and perform unauthorized operations by capturing th...
IBM Datacap Fastdoc Capture Authentication Bypass Vulnerability
IBM Datacap Fastdoc Capture is a suite of image document indexing solutions from IBM USA. The product has automatic document recognition and text recognition and other functions. An authentication bypass vulnerability exists in IBM Datacap Fastdoc Capture versions 9.1.1, 9.1.3, and 9.1.4, which c...
CVE-2018-1773
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691...
Authentication flaw
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691...
CVE-2018-1773
IBM Datacap Fastdoc Capture (9.1.1, 9.1.3, 9.1.4) is affected by CVE-2018-1773, an authentication bypass that could allow an authenticated user to bypass future authentication after initial login. The vendor bulletin (Datacap Taskmaster Capture, Datacap Fastdoc Capture, and Datacap Navigator) con...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Date: 2018-09-08 Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References:...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Date: 2018-09-08 Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References: ZDI-CAN-6307 References:...
You bet your mobile app consumers are willing to pay with their smartphone
For almost 10 years, there has been a debate over mobile app versus mobile web. Which strategy is right for your business and will consumers really ever buy something with a mobile device? Some of these questions have been clearly answered with time, but some aspects of the debate continue. The...
CVE-2018-16157
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free...
Design/Logic Flaw
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free...
CVE-2018-16157
The CVE-2018-16157 entry describes a logic flaw in waimai Super Cms 20150505 where attackers can modify the price before form submission by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart can be sold for free. The available...
X (Formerly Twitter): HTTPS is not validating TLS mac codes
https://twitterflightschool.com is prone to POODLE and also a stronger variant of POODLE which allows a MITM attacker to actively decrypt bytes from an HTTPS request. This attack is possible because the device terminating this TLS connection responds differently to a bad record mac when the last...
PHPOKCMS has a logical design flaw
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. A logic design vulnerability exists in PHPOKCMS. Attackers can log in to other accounts by capturing packets and brute-forcing the CAPTCHA...