229 matches found
Arbitrary Account Password Reset Vulnerability in OnStar iOS Client Server
OnStar iOS client is a smart driving system. An arbitrary account password reset vulnerability exists in the OnStar iOS client server. An attacker can reset the password of any client and perform unauthorized operations by intercepting the verification code in a packet...
Dictionary of Medicine App is vulnerable to arbitrary account registration
Pharmaceutical Dictionary APP is a Chinese-English translation dictionary software for medical, pharmaceutical and other professionals under Medical Pulse. There is a logical design vulnerability in the Dictionary of Medicine APP. An attacker can register any account by capturing packets to get the...
Tongcun Village App suffers from an arbitrary user login vulnerability
Tongcun Village App is a smart travel application for villagers. There is an arbitrary user login vulnerability in the Tongcun Village APP. Attackers can log in to any user account by capturing packets and brute-forcing the verification code...
Arbitrary User Registration Vulnerability in Healthcare Hospital App
Jianqi Hospital APP is a health service APP which integrates various forms of services such as "Ask Doctor + Self-diagnosis + Online Drug Purchase" and so on. There is an arbitrary user registration vulnerability in Jianke Hospital APP. Attackers can register any account by capturing packets and...
Multiple Vulnerabilities in Photo Composer App
Picture Synthesizer APP is a picture synthesizer mobile software. Picture Synthesizer APP has arbitrary account registration and arbitrary password reset vulnerabilities. An attacker can register any account and reset any password by capturing packets to get the verification code...
Parent Helper App Has Multiple Vulnerabilities
Parent's Helper APP is a mobile home-school communication software developed by Beijing Aopeng Distance Education Center Co. The Parent's Helper APP is vulnerable to arbitrary user registration and arbitrary password reset. An attacker can register any account and reset any password by capturing...
Tinkerbell Mall app has a logic design flaw at the verification code
Tinker Mall app is a mobile app for trading time and skills. A logic design vulnerability exists at the Tinkerbell Mall app verification code. An attacker can register an arbitrary account by exploiting the vulnerability...
EYEE Beehive App Has Logic Design Flaws
EYEE Bee Tide App is an online shopping app. There is a logical design vulnerability in the EYEE Beehive APP. An attacker can register any account and reset any password by capturing packets and brute-forcing the verification code...
Dual Opening Assistant App has a logical design flaw
Double Open Assistant APP is a game assistance application. There is a logical design vulnerability in Dual Open Assistant APP. Attackers can arbitrarily register users and reset arbitrary passwords by capturing packets to obtain verification codes...
TeleShadow - Telegram Desktop Session Stealer (Windows)
Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace...
There are logic design flaws in the App of Promotion e-Network.
The App is a comprehensive learning and teaching aid product for high school students that integrates online learning, volunteer application, psychological counseling, and community communication. There is a logic design vulnerability in the Study eNET APP. Attackers can register any account and...
Logic design flaws in Zhongxinxin Sharing App
Zhongxinxin Sharing App is a car sharing software that allows you to book car reservations online. There is a logical design vulnerability in the Zhongxinxin Sharing APP. An attacker can reset any password by capturing packets to get the verification code through the forgot password function...
Arbitrary Account Password Reset Vulnerability in Haiwell Cloud SCADA Android App
Haiwell Cloud SCADA is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co. An arbitrary account password reset vulnerability exists in the Haiwell Cloud SCADA Android APP. An attacker can reset any account passwor...
Worth Borrowing App Has Logic Design Flaws
Worth Borrowing App is a comprehensive lending platform with a huge selection of low-interest, low-threshold pure credit cash borrowing products. There is a logical design vulnerability in the Worth Borrowing App, which allows an attacker to log in to the system and perform unauthorized operation...
Palm North App has multiple vulnerabilities
Palm Shang Beiguo APP is a comprehensive mobile media platform created by Shijiazhuang Beiren Group, which integrates online shopping, member services, e-membership, member e-wallet, integral activities, coupon issuance, parking, navigation, scheduling, seat selection and other services. There ar...
Logic design flaws in the Android version of the E-Care App
E Nursing APP is a platform that provides professional nursing services for the majority of users through the development of an innovative health care service model by Shanghai Moyi Information Technology Development Co. There is a logical design vulnerability in the Android version of the E-Care...
One One Travel App Has Logic Design Flaws
One Rent Car is a new energy car time-share rental APP developed by Beijing One Rent Technology Co. One One Travel APP has a logical design vulnerability: attackers can successfully log in by capturing packets to obtain the verification code...
Shandong government service app for Android has an SMS bombing vulnerability
Shandong government service APP is a government information software created by the Shandong Government Office. The software can release the latest information on Shandong government services in a timely manner and supports personalized subscription and full-text search, to provide faster service for the...
Cuvva: Verification code for Underwriter dashboard can be brute-forced
Hi Cuvva, On the page of Underwriter dashboard https://underwriter.partner.cuvva.com/login/verify, the first option is to enter the email address of the person having the access to dashboard. I entered the email address of the guy whose email address was getting displayed in the bug:...
Trello: Phone verification code fails to expire and can be used multiple times also in different accounts to verify same cellphone number on Trello.com
Hi there Trello Security Team, I have noticed a certain behaviour at https://trello.com. What I believe to be a bug. Firstly, I would like to mention it is possible to use the same cellphone number on multiple accounts without any problem, which I consider to be a security issue. I chose to...