Only Circle app has a logic design flaw

The Only Circle app is a circle DIY platform with social features. There is a vulnerability in the logic design of the Only Circle app. An attacker can register any account, reset any password and perform unauthorized operations by capturing packets and blasting CAPTCHA...

Huicheng Gold app has logic design flaws

The Huicheng Gold app is an internet-based lending software. There is a logical design vulnerability in the Huicheng Gold Service app. Attackers can log into other users' systems, reset arbitrary passwords and perform unauthorized operations by capturing verification codes through packet grabbing...

Phoenix Gold app has logic design flaws

Phoenix Gold app is a financial information service platform created by Shenzhen Jinshi Internet Financial Service Co. Phoenix Gold Service app has a logical design vulnerability. Attackers can log in to other users' systems, reset arbitrary passwords and perform unauthorized operations by...

Rice Gold app has logic design flaws

Paddy Gold app is a financial service platform created by Xiamen Golden Paddy Financial. A logical design vulnerability exists in the Paddy Gold app. Attackers can log in to other users' systems, reset arbitrary passwords and perform unauthorized operations by capturing authentication codes in a...

Chongqing Cable Networks Come to the Point app suffers from overstepping access vulnerability

Lai Dot app is an exclusive service for Chongqing Cable broadband subscribers to watch videos, just download and install the client on smart mobile terminals such as cell phones and flat-panel computers and then access Chongqing Cable WIFI network to enjoy the viewing experience. Chongqing Cable ...

People's Liberation Army Naval General Hospital Android app has password bypass vulnerability

The Naval General Hospital app is a handheld medical platform launched by the Naval General Hospital of the Chinese People's Liberation Army. A password bypass vulnerability exists in the People's Liberation Army Naval General Hospital Android App. An attacker can log into the VIP account and...

Monitoring Windows Console Activity (Part 2)

This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows. Read our first blog, "Monitoring Windows Console Activity Part 1," for more. Capturing the...

Override access vulnerability in the Academic Management System of the Gardener Teaching and Learning Management Platform

The Gardener Instructional Management Platform is a comprehensive school management platform that focuses on teaching as an integrated management program. There is an override access vulnerability in the academic management system of the Gardener Teaching Management Platform. After logging in to...

Cloud Inspection App for Android has a logic flaw

Cloud Inspection is a scanning application authorized by the Entry-Exit Inspection and Quarantine Bureau, which allows you to find out the price, origin, date of entry, inspection and quarantine information of the goods. There is a logical loophole in the Android version of the Cloud Inspection...

MacroAsia Financial App Has Logic Design Flaws

Hongya Finance is an internet financial information intermediary platform operated by Hangzhou Hongya Financial Information Service Co., Ltd, focusing on supply chain finance and asset package transfer business. There is a logical design loophole in the APP of Hongya Financial, and the attacker c...

Debian DLA-1070-1 : qemu security update

Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-6505 Denial of service via infinite loop in the USB OHCI emulation CVE-2017-8309 Denial of service via VNC audio capture...

[SECURITY] [DLA 1071-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u23 CVE ID : CVE-2017-6505 CVE-2017-8309 CVE-2017-10664 CVE-2017-11434 Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick EmulatorQemu. CVE-2017-6505...

Shenzhen Yuanzheng Technology golo Android APP has overstepped access vulnerability

golo APP is a social networking application that uses instant messaging as a communication platform to connect automotive repair technicians with car owners. Shenzhen Yuanzheng Technology's golo Android APP has an overstepping access vulnerability, which allows an attacker to view any registered...

Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20170801)

The following packages have been upgraded to a later upstream version: tcpdump 4.9.0. Security Fixes : - Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send special...

EggShell - iOS/macOS Remote Administration Tool

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

Hack with Metasploit: Announcing the UNITED 2017 CTF

Got mad skillz? Want mad skillz? This year at Rapid7s annual UNITED Summit, were hosting a first-of-its-kind Capture the Flag CTF competition. Whether youre a noob to hacking or a grizzled pro, youll emerge from our 25-hour CTF with more knowledge and serious bragging rights. Show off your 1337...

Shandong government service app for Android has overstepping access vulnerability

Shandong government service APP is a government information software created by the Shandong Government Office. The software can release the latest information of Shandong government services in time, support personalized subscription, full-text search function, to provide faster service for the...

Create a Fake AP and Sniff Data: mitmAP

A python program to create a fake AP and sniff data new in 2.0: SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Features: SSLstrip2 Driftnet Tshark Full featured access point, with configurable speed limit mitmproxy Wireshark DNS Spoofing Saving results...

Visualize network Topologies From pcap Files: PcapViz

PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...

Packet Manipulation Framework: PcapPlusPlus

PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and manipulation framework. PcapPlusPlus is meant to be lightweight, efficient and easy to use. What makes PcapPlusPlus different from similar C++ wrappers for libpcap/WinPcap? Designed to be lightweight and efficient Support...