5098 matches found
Out-of-authority access vulnerability in Butler Smart App for Android
The Butler Smart App is a mobile application that goes along with the smart cat eye device. The Android version of Butler Smart APP suffers from an overstepping access vulnerability, which allows an attacker to log in to other users' systems and perform unauthorized operations by grabbing packets...
Wise Heat Temperature Control App for Android has an arbitrary account password reset vulnerability
Smart Heat Temperature Control APP is home temperature control software: users only need to add the home's Internet-accessible thermostat to the software, and can then use a phone or tablet to control the temperature of the home's HVAC equipment. The Android version of Smart Heat Temperature Contro...
sAINT - A Spyware Generator for Windows systems written in Java
sAINT is a Spyware Generator for Windows systems written in Java. Features: Keylogger, Take Screenshot, Webcam Capture, Persistence. Tested on: Kali Linux - ROLLING EDITION. How to use: install dependencies (you need Maven and JDK 8 package installed): $ apt install maven default-jdk default-jre openjdk-8-jd...
Cambium Multiple Vulnerabilities
Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in Cambium Network Updater Tool and Networks Services Server. The Network Updater Tool is “a free-of-charge tool that applies packages to upgrade the device types that the release notes for the release that you...
Android Flaw Lets Attackers Capture Screen and Record Audio
By Waqas. If your Android smartphone has Lollipop, Nougat or Marshmallow, then... This is a post from HackRead.com. Read the original post: Android Flaw Lets Attackers Capture Screen and Record Audio...
HackerOne: IDOR on Program Visibilty (Revealed / Concealed) against other team members
Hi HackerOne Team, Summary: When you are a part of a program security team, you have a choice to show in your profile that you are a member of the sec team, you can also hide it if you don't want to show it to your profile, any team member can do that using your profile settings here:...
Rimet Wifi Smart Temperature Control Android APP has an override access vulnerability
Rimet Wifi Smart Temperature Control Android APP is a management platform for smart hardware devices. Rimet Wifi Intelligent Temperature Control Android APP has an override access vulnerability. After logging into the client, the attacker can obtain sensitive information such as patient's name,...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Top Smart Android APP has logic design flaws
Top Smart Android APP is a marketing management software for the majority of users. The software can help users keep abreast of information developments and activities in the smart home industry. There is a logic design vulnerability in Top Smart Android APP. Attackers can log in to any account b...
Xplico Remote Code Execution
This module exploits a command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. The specific flaw exists within Xplico, which listens on TCP port 9876 by default. The goal of Xplico is to extract from ...
Trend Micro Capture the Flag: Train security professionals – Close the skills gap
Businesses today face a security challenge: Protecting their systems and data is vital, but there aren’t enough qualified employees who can successfully make that happen. Similarly, young cybersecurity professionals need to overcome the gap between what is learned in a classroom and the practical...
How to Run Packet Capture on NetScaler SD-WAN WANOP
This article describes how to run packet capture on NetScaler SD-WAN WANOP...
chromium-browser null pointer reference vulnerability
chromium-browser is an open source web browser project started by Google to provide source code for the proprietary Google Chrome browser. A null pointer reference vulnerability exists in the chromium-browser image capture widget. An attacker could exploit the vulnerability to cause a denial of...
Logic design flaws in FeeControl Mobile App
FeeControl Mobile App is a mobile bookkeeping office software. There is a logical design vulnerability in FeeControl Mobile APP. An attacker can log into any account by grabbing packets and blasting the verification code...
Malicious Bulk Registration Vulnerability in Bodivis Android APP of Tongfang Co.
The bodivis Android App is a healthy life management app for use with the bodivis Health Scale and Exercise Bracelet. There is a malicious bulk registration vulnerability in the bodivis Android APP of Tongfang Co. Attackers can bypass the authentication code and register accounts in bulk by...
Libpcap Design Vulnerabilities
libpcap is a C library for network packet capture. A security vulnerability exists in the pcap-linux.c file in version 1.1.1 prior to libpcap commit ea9432fabdf4b33cbc76d9437200e028f1c47c93. A remote attacker can exploit this vulnerability to send arbitrary data with the help of specially crafted...
CloudBees GitHub Branch Source plugin cross-site forgery vulnerability
CloudBees GitHub Branch Source plugin is a GitHub branch plugin from the U.S. company CloudBees for Jenkins, a Java-based continuous integration tool. A cross-site request forgery vulnerability exists in the CloudBees GitHub Branch Source plugin that stems from the program failing to...
iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing
Are you a proud iPhone owner? If yes, this could freak you out. Trust me! Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back cameras—all without any notification or your consent. This alarming privac...
Uniview - Remote Command Execution Export Config (PoC)
Uniview - Remote Command Execution Export Config PoC STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...
Uniview - Remote Command Execution / Export Config (PoC)
STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config http://IP:PORT/cgi-bin/main-cgi?json="cmd":255,"szUserName":"","u32UserLoginHandle":-1 -tcpdump- check active capture...