TCP Stream Replay Tool: TCPCopy
Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet server applications, we develop a live flow reproduction tool – TCPCopy, which could generate the...
Aspen: No Rate Limit (Leads to huge email flooding/email bombing)
Dear sir, At first, I want to say that this sensitive action definitely should be set with rate limit. Note: This is about huge bombing/brute force on any endpoints. Vulnerability: No rate limit has been set for generating account confirmation emails for accounts on above selected domain which i...
Arbitrary Account Password Reset Vulnerability in the Android Version of China Machine Car APP
CAMC APP is an electric vehicle time-share rental program carried out by Beijing CAMC New Energy Vehicle Leasing Co. There is an arbitrary account password reset vulnerability in the Android version of CAMC APP. Attackers can reset the account password by grabbing packets, resulting in account...
The Ten Billion Dollar Alliance App Has a Logic Design Flaw
Ten Billion Affiliate App is a service platform that gives users rebate offers. Tianyi Union App has a logical design vulnerability: attackers can register any account and reset any account password by capturing packets...
Arbitrary Password Reset Vulnerability in Timeshow App
Times Show App is a software that integrates many functions such as topics, beautiful pictures, hot shows, friends, stickers, points, exchange goods and so on. The vulnerability is caused by a password reset vulnerability, which allows an attacker to register any user and reset any password by...
Microbus App for Android suffers from an override access vulnerability
Microbus is a mobile application that integrates the functions of bus inquiry, mobile payment for tickets, bus parking site navigation, and real-time bus operation information view. The Android version of the Microbus app has an overstepping access vulnerability that allows an attacker to log in ...
Arbitrary Password Reset Vulnerability in Xikai Gold Service App
Xikai Gold App is a professional investment and financial management software. Xikai Gold App has an arbitrary password reset vulnerability: attackers can successfully register any account and reset any account password by capturing packets...
Windows Packet Divert: WinDivert
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows user-mode programs to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can captur...
Transit line app has logic design flaws
Bus Line App is a mobile bus software that allows you to check real-time arrival information of city buses and check bus routes. There is a logical design vulnerability in Bus Line App, which allows attackers to register users and reset their passwords arbitrarily by grabbing packets...
Public Transportation eTraffic App Has Logic Design Flaws
Bus eLutong is a free smartphone-based real-time bus information query software officially released by Beijing Public Transportation Group. There is a logical design vulnerability in Bus eLutong App, which allows an attacker to arbitrarily register a user and reset any user's password by grabbing...
PCG Travel Android App Has Logic Design Flaws
PCG Travel Android APP is a B2B2C travel service platform. PCG Travel Android APP has a logical design vulnerability. After registering, an attacker can reset any account password by grabbing packets to bypass the CAPTCHA through the forgot password function...
Vivo Bike Share Android App Has Logic Design Flaws
Vivo Bike Share Android APP is a bike sharing rental software. There is a logic design vulnerability in Vivi Bike Sharing Android APP. Attackers can register any account by grabbing packets and blasting CAPTCHA...
Touhou Shared Bike Android App Has Logic Design Flaws
TouTou Shared Bike Android APP is a shared bike travel software for cities. A logical design vulnerability exists in TouTou Shared Bicycle Android APP. An attacker can log in to any user account and perform unauthorized operations by grabbing packets and blasting CAPTCHA...
Xin Online APP has logic design flaws
XIN ONLINE APP is a mobile home search software that integrates the functions of second-hand house, rental house and new house. Xin Online APP has a logical design vulnerability. Attackers can register any user and reset any password by grabbing packets to get the verification code through the...
Beauty Assistant App Has Logic Design Flaws
Beauty Assistant APP is a retouching software. There is a logical design vulnerability in Beauty Assistant APP. Attackers can register any account by grabbing packets and blasting CAPTCHA...
Introducing pywintrace: A Python Wrapper for ETW
Introduction: Event Tracing for Windows (ETW) is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance monitoring tool, it was greatly expanded in Windows Vista to create a lightweight debugging mechanism. The...
Arbitrary Account Password Reset Vulnerability in Haiwell Cloud SCADA Android App
Haiwell Cloud SCADA is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co. An arbitrary account password reset vulnerability exists in the Haiwell Cloud SCADA Android APP. An attacker can reset any account passwor...
Introducing pywintrace: A Python Wrapper for ETW
ARCHIVED STORY Introducing pywintrace: A Python Wrapper for ETW. By Anthony Berglund, Kevin Boyd · September 19, 2017. Introduction: Event Tracing for Windows (ETW) is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and...
Tai Financial App has an arbitrary cell phone number registration loophole
Tai Financial App is an investment and financial management software. There is an arbitrary cell phone number registration vulnerability in Tai Wealth Management APP. Attackers can register any account and perform unauthorized operations by bypassing the authentication code through grabbing packe...