5099 matches found
Kangaroo Life App has a Brute-Force Vulnerability
Kangaroo Life App is mobile lending software. Kangaroo Life APP has a brute-force vulnerability. Attackers can log in to any account by capturing packets and brute-forcing the CAPTCHA...
Arbitrary User Registration Vulnerability in Small Objects App
Small Object APP is dating software based on mobile internet and big data matching. There is an arbitrary user registration vulnerability in Small Object APP. Attackers can register any account by capturing packets and brute-forcing the verification code...
Security update for wireshark (moderate)
This update for wireshark fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packets from the network or capture files (boo#1094301): - CVE-2018-11356: DNS dissector crash -...
Airpydump - Analyze Wireless Packets On The Fly. Currently Supporting Three Working Modes (Reader, Live, Stealth)
Analyze wireless packets on the fly. Currently supporting three working modes: Reader, Live, Stealth. airpydump is a wireless packet analyzer, providing an interface much like that of airodump-ng from the aircrack suite. It currently provides three working modes which are Reader, Stealth...
Peanut Metro WIFI APP has logic design flaws
Peanut Metro WIFI APP is free wifi software for the metro launched by Peanut Technology. There is a logical design vulnerability in Peanut Metro WIFI APP. Attackers can reset any password by using the forgot-password function and utilizing packet capture and brute-forcing to obtain the verification code...
CVE-2018-8860
The CVE affects Vecna VGo Robot—versions 3.0.3.52164 and 3.0.3.53662 (earlier versions may also be affected). The flaw enables an attacker on an adjacent network to capture firmware updates, exposing sensitive information and potentially enabling further compromise. The NVD/ICSA data record a CVS...
Override Access Vulnerability in the Swish Open App
Swish and Drive App is a car rental app for travel. A vulnerability exists in Swish and Drive APP. An attacker can gain access to sensitive information by capturing packets and modifying IDs...
Wutong Cat Mall mobile app has logic design flaws
Sycamore Cat Mall Mobile App is an online shopping mall software. There is a logic design vulnerability in Wutong Cat Mall Mobile APP. Attackers can register any account by grabbing packets to get the verification code...
Logic flaw vulnerability in the practical internship management support platform developed under the Higher Education Publishing House umbrella
The Higher Education Publishing House Practice Internship Management Support Platform is a system that provides practice internship management. A logic flaw vulnerability exists in the Practice Internship Management Support Platform developed under the Higher Education Publishing House. An attack...
Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools
git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiple public/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...
Buffer overflow
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer...
tcpdump: buffer overflow in the sliplink_print function
A vulnerability was discovered in tcpdump's handling of LINKTYPE_SLIP pcap files. An attacker could craft a malicious pcap file that would cause tcpdump to crash when attempting to print a summary of packet data within the file...
tcpdump: Buffer overflow in util-print.c:bittok2str_internal()
A vulnerability was found in tcpdump's verbose printing of packet data. A crafted pcap file or specially crafted network traffic could cause tcpdump to write out of bounds in the BSS segment, potentially causing tcpdump to display truncated or incorrectly decoded fields or crash with a segmentati...
tcpdump: Buffer over-read in print-isoclns.c:isis_print_id() in ISO IS-IS parser
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id...
tcpdump: Buffer over-read in print-isoclns.c:esis_print() in ISO ES-IS parser
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print...
Network Security Monitoring: Security Onion
Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an...
Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System
Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...
SAP HANA Information Disclosure Vulnerability (CNVD-2018-07951)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, so users can directly query and analyze a large amount of real-time business data. A security vulnerability exists in the optional capture&replay functionality in SAP HANA versions...
Design/Logic Flaw
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...