228 matches found

CNVD
added 2018/09/17 12:0 a.m. | views: 1

Hunan Jiancheng Information Technology Co., Ltd. Jiancheng.com APP has information leakage vulnerability

The Building Program App is a construction and engineering app. There is an information leakage vulnerability in the Construction Engineering APP of Hunan Construction Engineering Information Technology Co. An attacker can register any account, reset any password and perform unauthorized operatio...

AI score: 7 | Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | views: 1

Anhui Yuanlu Information Technology Co., Ltd. deer Zhiyou APP has an information leakage vulnerability

Fawn Smart Tour is a smartphone tour guide software that provides hand-drawn maps of attractions, automatic positioning in scenic spots, and accompanied by vivid voice explanations, just like a tour guide on the go. CAPTCHA Design Vulnerability: This vulnerability mainly occurs when logging in,...

AI score: 7.1 | Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | views: 1

Chongqing to the home network technology limited company to the home to buy treasure APP has an information leakage vulnerability

The home has been purchased treasure to provide second-hand housing, new housing, rental housing, stores, information query, transaction brokerage and other services. CAPTCHA information leakage: This vulnerability is mainly in the registration and password retrieval, the server will return the...

AI score: 7.1 | Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | views: 1

Beijing Huijinxing Real Estate Brokerage Co., Ltd. magic sale APP has SMS bombing vulnerability

MagicSale is a new home distribution platform for institutional cooperation, helping brokers of cooperating institutions to effectively develop "inventory customers" in their hands, corresponding their needs to the new home market, and securely realizing the income of institutions and brokers. Th...

AI score: 7 | Exploits: 0

CNVD
added 2018/09/17 12:0 a.m. | views: 2

Beijing Beifang Founder Electronics Company Limited Economic Reference News APP has information leakage vulnerability

Economic Reference News App is a news and information application. An information leakage vulnerability exists in the Economic Reference News APP of Beijing Beifang Founder Electronics Co. An attacker can register any account, reset any password and perform unauthorized operations by capturing th...

AI score: 7.1 | Exploits: 0

Malwarebytes
added 2018/09/14 3:0 p.m. | views: 86

Is two-factor authentication (2FA) as secure as it seems?

Two-factor authentication (2FA) was invented to add an extra layer of security to the—now considered old-fashioned and insecure—simple login procedure of entering a username and password. One of the most well-known examples of 2FA is when you try to log into a familiar website from a different...

AI score: 7.5 | Exploits: 0

CNVD
added 2018/09/10 12:0 a.m. | views: 1

Caixin Media Limited Caixin App has SMS Bombing Vulnerability

Caixin APP is the must-read financial information client of Caixin Media, providing users with comprehensive, in-depth, instant and accurate financial news and information. Caixin APP of Caixin Media Co., Ltd. suffers from an SMS bombing vulnerability; the vulnerability stems from the...

AI score: 6.9 | Exploits: 0

CNVD
added 2018/09/10 12:0 a.m. | views: 1

Information Leakage Vulnerability in Little Tail Translator APP of Language Network (Wuhan) Information Technology Co.

Little Tail Translator is an online translation mobile application of Language Network (Wuhan) Information Technology Co., Ltd., which realizes translation between multiple languages and can quickly translate words or whole sentences. A vulnerability exists in the Little Tail Translator app, which i...

AI score: 7.2 | Exploits: 0

CNVD
added 2018/08/22 12:0 a.m. | views: 1

paypal/permissions-sdk-php cross-site scripting vulnerability

paypal/permissions-sdk-php is a PHP-based Paypal payment software development kit. A cross-site scripting vulnerability exists in the 'verificationcode' parameter of the samples/GetAccessToken.php file in paypal/permissions-sdk-php. A remote attacker could exploit this vulnerability to execute co...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00274 | Exploits: 1 | References: 1

NVD
added 2018/07/25 4:29 a.m. | views: 8

CVE-2018-14596

wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of fontsize, width, and height are large numbers...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0065 | Exploits: 1 | References: 1

CNVD
added 2018/07/24 12:0 a.m. | views: 1

Guangzhou Travel Ease App has SMS Bombing Vulnerability

Guangzhou Travel Easy APP is an information service and online business processing software launched to the public by Guangzhou Public Security Traffic Management Department. There is an SMS bombing vulnerability in Guangzhou Easy Travel APP. An attacker can exploit this vulnerability to replay...

AI score: 6.7 | Exploits: 0

Prion
added 2018/06/05 11:29 a.m. | views: 12

Default credentials

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.00691 | Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2018/06/05 11:29 a.m. | views: 1

CVE-2018-11554

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00691 | Exploits: 0 | References: 1

Cvelist
added 2018/06/05 11:0 a.m. | views: 15

CVE-2018-11554

The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...

AI score: 9.4 | EPSS: 0.00691 | Exploits: 0 | References: 1

CVE
added 2018/06/05 11:0 a.m. | views: 41

CVE-2018-11554

Affected software: YzmCMS v3.2–v3.7 (index.php/member/reset/reset_email.html). Root cause / issue type: response discrepancy information exposure and an unexpectedly long lifetime for the verification code in the forgotten-password flow. Impact (as stated): easier for remote attackers to hijack a...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00691 | Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2018/05/28 12:0 a.m. | views: 1

Arbitrary User Registration Vulnerability in Small Objects App

Small Object APP is a dating software based on mobile internet and big data matching. There is an arbitrary user registration vulnerability in Small Object APP. Attackers can register any account by grabbing packets and blasting the verification code...

AI score: 7 | Exploits: 0

CNVD
added 2018/05/07 12:0 a.m. | views: 2

Wutong Cat Mall mobile app has logic design flaws

Sycamore Cat Mall Mobile App is an online shopping mall software. There is a logic design vulnerability in Wutong Cat Mall Mobile APP. Attackers can register any account by grabbing packets to get the verification code...

AI score: 6.9 | Exploits: 0

CNVD
added 2018/03/30 12:0 a.m. | views: 1

Car Dot App Has Logic Design Flaws

Car Dot APP is a mobile APP product specially created for car owner users, dedicated to providing professional car services. A logical design vulnerability exists in CarDotDot APP. The attacker obtains the corresponding data packets through the cell phone number login function, and then can repla...

AI score: 7.1 | Exploits: 0

CNVD
added 2018/03/03 12:0 a.m. | views: 1

Hangzhou Dana Technology Co., Ltd. Shape and Color APP has arbitrary account login vulnerability

Shape and Color is a new app for identifying flowers and sharing nearby flowers launched by Hangzhou Dana Technology Co. An arbitrary account login vulnerability exists in the Shape and Color APP of Hangzhou Dana Technology Co. The vulnerability is due to the failure of the server side to...

AI score: 7 | Exploits: 0

CNVD
added 2018/02/28 12:0 a.m. | views: 1

One Call Doctor APP has arbitrary account password retrieval vulnerability

The One Call Doctor App is an app for the doctor community that focuses on helping people with quick and easy consultations after a consultation. There is an arbitrary account password retrieval vulnerability in One Call Doctor APP. The vulnerability is due to the server did not do accurate...

AI score: 7 | Exploits: 0