View App has a logic design flaw

Viewtec APP is an interactive mobile internet product with video as the main content carrier. There is a vulnerability in the logic design of Videotek APP, which allows an attacker to arbitrarily register users and change account passwords by grabbing packets...

Worth Borrowing App Has Logic Design Flaws

Worth Borrowing App is a comprehensive lending platform with a huge selection of low-interest, low-threshold pure credit cash borrowing products. There is a logical design vulnerability in the Worth Borrowing App, which allows an attacker to log in to the system and perform unauthorized operation...

Block Screen capture option in MDX policies for IOS devices

Question : Block Screen capture option is not available in SecureMail MDX policies for IOS devices. Answer :​ Block screen capture option is available only on Android and not on iOS. Any option which is not available under MDX policies is by default On. Hence the Screen capture/snapshots will be...

Aier Eye Group's Eye Neighborhood Doctor's Edition App for Android Has Logic Design Flaws

Eye Neighborhood Doctor Edition App is an application designed and developed for ophthalmologists and ophthalmology practitioners. The Android version of Eye Neighborhood Doctor Edition APP of Aier Ophthalmology Group has a logic design vulnerability, which allows attackers to successfully regist...

Logic design flaws in BMS CRM APP

CRM APP is a mobile sales customer management platform developed by Xiamen Ruipu Software Technology Co. CRM APP has a logical design loophole, the attacker forgets the password function to capture the packet to obtain the verification code, you can arbitrarily register users and reset any passwo...

Logic design flaws in the Ten Cent Share app

Dime Share app is a smart ad push platform that enables users to get cash rewards by clicking on business information posters. A logical design vulnerability exists in the Dime Share app. An attacker can reset and log into other users' systems by capturing authentication codes in a packet...

Tcpdump PIMv2 Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.PIMv2 parser is one of the PIM multicast protocol parsers. A buffer...

Tcpdump PPP parser buffer overflow vulnerability (CNVD-2017-28271)

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.PPP parser is one of the peer-to-peer protocol parsers. A buffer...

Logic design flaws in the Android version of Eye Neighborhood App of Aire Eye Group

Eye Neighborhood APP is an all-round eye health management application, which monitors your eye health anytime and anywhere, consults with professional ophthalmologists online, and connects with offline eye health medical products to provide users with professional checkups and treatment services...

Tcpdump PIM Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.PIM parser is one of the PIM multicast protocol parsers. A buffer...

DEBIAN-CVE-2017-14266

tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160...

tcprewrite - Heap-Based Buffer Overflow Vulnerability

Exploit for linux platform in category dos / poc Title: tcprewrite Heap-Based Buffer Overflow CVE: CVE-2017-14266 CWE: CWE-122 Exploit Author: Hosein AskariFarazPajohan Vendor HomePage: http://tcpreplay.synfin.net/ Product Description: When you want to give a PCAP file to someone, it gives away...

DGA-Detection - DGA Domain Detection using Bigram Frequency Analysis

More and more malware is being created with advanced blocking circumvention techniques. One of the most prevalent techniques being used is the use of Domain Generation Algorithms which periodically generates a set of Domains to contact a C&C server. The majority of these DGA domains generate rand...

Struts2 new flaws vulnerability bug（S2-052 presents the use case, and face the vulnerability flaws of the enterprise-the race against time-vulnerability warning-the black bar safety net

Prior to the black bar safety net it S2-052）vulnerabilities done in a special thematic report, I believe we also have understand! Recently from the Cisco Talos experimental study of the analysis chamber and NVISO laboratory for the research staff also found that there was an attacker of real use ...

Hanbanggaoke IP Camera - Arbitrary Password Change

Hanbanggaoke IP Camera - Arbitrary Password Change Vulnerability summary The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams. Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been...

PT-2017-12869

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.2 Description The issue is related to a buffer over-read in the LLDP parser, specifically in the lldp mgmt addr tlv print function within print-lldp.c. Recommendations For versions prior to 4.9.2, update to versio...

jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2017-1180)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker...

EulerOS 2.0 SP1 : tcpdump (EulerOS-SA-2017-1179)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker...

Logic design flaws in the Android version of the E-Care Online APP (Patient Side)

E-nursing online platform is a platform that provides professional nursing services for the majority of users through the development of an innovative health care service model by Shenyang Shengtai Internet Technology Co. There is a logical design vulnerability in the Android version of the...