CVE-2017-5729

Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle...

Logic Design Vulnerability in EasyCMS Frontend

EasyCMS is lightweight scalable open source content management program, following the Apache2 open source agreement. A logical design vulnerability exists in the frontend of EasyCMS. Attackers can log into the user center and modify other people's mailboxes and data by intercepting and modifying...

Design/Logic Flaw

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability...

Design/Logic Flaw

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability...

Shinex Mobile App Has Logic Design Flaws

Credit Ease Mobile App is a software that helps credit managers to work efficiently. There is a logical design vulnerability in Xinyik Mobile APP. An attacker can log into any account system by capturing packets and bursting the verification code...

International Islamic University Chittagong: Application fees changeable

When i submit the form of the Url http://119.18.148.140/iiuc/home/apply-online then I intercept the form request and change the 500 into 100. Application did not give the option to change the money but by intercepting the request we can change the money. Application should removed the application...

Android Private Internet Access Denial Of Service

Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/ SUMMARY The Android application provided by Private Internet Access PIA VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be...

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...

Infogram: Stored Cross-Site scripting in the infographics using links

Description Hello. I discovered, that it is possible to conduct Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request, and change the link source to the malicious - which will result to the Stored XSS POC...

Cross site scripting

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

Recent Wi-Fi KRACK Vulnerability Affects Almost Everyone With an Endpoint

A vulnerability might allow cyber criminals to intercept data being transmitted between Wi-Fi access points and endpoints, recent research has uncovered. The vulnerability, known as KRACK, short for Key Reinstallation Attacks, affects WPA2, which is widely used by many Wi-Fi enabled devices and c...

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to access encrypted information transmitted over the...

MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK

WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses aka Key Reinstallation Attacks KRACK. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable

A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some...

Flower Han App Has Logic Design Flaws

Flower Han is a cosmetic surgery and beauty community app. There is a logical design vulnerability in the Flower Han app that allows an attacker to register any user and reset a user's password by grabbing packets and modifying a cell phone number...

Appointment app has logic design flaws

Covenant App is an application that offers to sell your time and skills to earn money. There is a logical design loophole in Dating App that allows attackers to register any user and reset user passwords by grabbing packets and modifying cell phone numbers...

Logic design flaws in Jia Yi Chong App

Jia Yi Charge App is a mobile application for city charging pile information inquiry and use. There is a logical design vulnerability in JiaYiCharge App, which allows an attacker to register any user and reset any user's password by grabbing packets and modifying the cell phone number...

CVE-2017-10623 Junos Space: Insufficient verification of cluster messages

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...