5099 matches found
Hefei Yingyun Information Technology Co., Ltd. Ordering Good APP has a verification code leakage vulnerability
OrderGood APP is an omni-channel order platform and distribution platform APP. There is a verification code leakage vulnerability in the Ordering Good APP of Hefei Yingyun Information Technology Co. Attackers can log into other user accounts by capturing packets to obtain the verification code...
Shanghai Lehigh Network Technology Co., Ltd. Bug House APP has multiple vulnerabilities
Bug House App is a home service software. The Bug House APP of Shanghai Lehigh Network Technology Co., Ltd. has arbitrary user registration and arbitrary user password reset vulnerabilities. Attackers can register any account and reset any password by capturing packets and brute-forcing the verification code...
MIMI APP of Shenzhen Xinyi Network Co., Ltd. suffers from arbitrary number registration vulnerability
MIMI APP is an app that focuses on voice socialization. There is an arbitrary number registration vulnerability in MIMI APP of Shenzhen Xinyi Network Co. Attackers can register any account by capturing packets and brute-forcing the verification code...
Palo Alto Networks PAN-OS 8.0.x < 8.0.6-h3 Web Interface Packet Capture Management Unspecified Remote Command Injection
The version of Palo Alto Networks PAN-OS running on the remote host is 8.0.x prior to 8.0.6-h3. It is, therefore, affected by an unspecified flaw in the web interface packet capture management that allows an authenticated user to inject arbitrary commands...
openSUSE Security Update : wireshark (openSUSE-2017-1337)
This update for wireshark to version 2.2.11 fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes by making Wireshark read specially crafted packages from the network or capture files (boo#1070727): - CVE-2017-17084: IWARP_MPA dissector crash...
X (Formerly Twitter): No Rate Limit in email leads to huge Mass mailings
Hi Team, I have found a logical flaw (NOT DoS) in the website 'https://app.mopub.com/'. 1. Use Burp Suite and capture below request upon navigation to Code integration. 2. Click on Send button after entering email address in the input field of 'Enter one or more email addresses and we'll send you links ...
Path traversal
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...
CVE-2017-8865
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...
CVE-2017-8865
CVE-2017-8865 affects Elemental Path’s CogniToys Dino, with firmware version 0.0.794 and earlier. The vulnerability allows an attacker on the network to replay VoIP traffic between a Dino device and a remote server to another Dino device, indicating a capture-replay flaw in the Dino’s communicati...
CVE-2017-15940
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors...
Code injection
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2017-15940
The CVE-2017-15940 issue affects PAN-OS web interface packet capture management across multiple releases: 6.1.x < 6.1.19, 7.0.x < 7.0.19, 7.1.x < 7.1.14, and 8.0.x
Arbitrary User Registration and Arbitrary User Password Reset Vulnerabilities in Loan Plus Plus App
Loan Plus Plus App is a loan software platform. The Loan Plus Plus APP is vulnerable to arbitrary user registration and arbitrary user password reset. An attacker can register any user and reset any password by capturing the verification code in a packet...
Uber: SSL-protected Reflected XSS in m.uber.com
Summary: m.uber.com is susceptible to reflected XSS. Security Impact: A malformed URL can be used to render arbitrary SSL-protected web pages from m.uber.com. Reproduction Steps: https://m.uber.com/?bjbxm%3c%2fscript%3e%3cscript%3ealert1%3c%2fscript%3exrii5=1 Specifics: From the rendered web page:...
HOT Man Android App Has Information Leakage Vulnerability
HOT Man Android APP is a mobile magazine software. There is an information leakage vulnerability in HOT Man Android APP. After registering and logging in to the system, an attacker can obtain sensitive information such as other users' UIDs, names, and cell phone numbers by clicking on "My Avatar"...
The Mutiny Fuzzing Framework and Decept Proxy
This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...
Palo Alto Networks PAN-OS Remote Command Injection Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. The web interface packet capture management component is one of the web interface packet capture management components. A remote command injection vulnerability exists in the web interface packe...