2563 matches found
Sql injection
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...
CVE-2017-15980
The vulnerability CVE-2017-15980 affects the US Zip Codes Database Script 1.0, where the SQL injection occurs via the state parameter in index.php?action=lookup-county&state=... The connected documents provide concrete details: attacker-supplied state input can be exploited (e.g., UNION-based pay...
Inflection: Limited Account Takeover via Backup codes
Researcher submitted a duplicate of a previously-submitted report and requested public disclosure of this report...
EllaScanner - Passive Web Scanner
Passive web scanner. EllaScanner is a simple passive web scanner. Using this tool you can simply check your site’s security state. Usage: ./Start.py https:// or http:// Scanning of the site consists of several phases: At the first phase, you can get recommendations related to http/https headers. The...
Multiple Vulnerabilities in the Magic Fly Broker App
Magic Fly Broker App is a mobile listing management software designed to help brokers increase orders. There are arbitrary user login and arbitrary password reset vulnerabilities in MagicFly Broker APP. Attackers can register any account and reset any password by capturing packets and interceptin...
4S Circle App has arbitrary account registration vulnerability
4S Circle APP is a handheld tool that connects 4S stores and used car trading. 4S Circle APP has an arbitrary account registration vulnerability. Attackers can register any account by grabbing packets to get the verification code...
Honey Raccoon Live App has multiple vulnerabilities
Honey Raccoon Live App is a live streaming platform for real people. There are arbitrary user registration and arbitrary password reset vulnerabilities in Honey Raccoon Live APP. Attackers can register any account and reset any password by grabbing packets to get the verification code...
Men's Health App Has Arbitrary User Login Vulnerability
Men's Health App is a men's health support tool app. There is an arbitrary user login vulnerability in Men's Health APP. Attackers can log in to any account registration by grabbing packets to get the verification code...
Arbitrary Account Registration and Password Reset Vulnerabilities in Tea Merchant APP
Tea Merchant APP is a software specialized in serving tea merchants. Tea Merchant APP has arbitrary account registration and password reset vulnerabilities. Attackers can register any account and reset any password by capturing packets and bursting the verification code...
Any Account Registration and Any Password Reset Vulnerabilities Exist in Anxiety Companion App
Anxious companion APP is a companion O2O service platform. There are arbitrary account registration and arbitrary password reset vulnerabilities in Anxin escort APP. Attackers can register any account and reset any password by capturing the verification code...
Logic design flaws in DXN Global App
Dresdner Global App is a shopping software. There is a logical design vulnerability in the DXGlobal APP. An attacker can register any account, reset any password and change the payment amount by obtaining the verification code...
Fast Teeth App Has Logic Design Flaws
Fast Teeth APP is a cell phone transfer software. There is a logical design vulnerability in Fast Teeth APP. Attackers can register any account by grabbing packets and blasting the verification code...
Multiple Vulnerabilities in LaneCat Intranet Security Management System
LaneCat is a carrier-grade Internet behavior management system launched by Xiamen Chengchuang Technology Co. LaneCat intranet security management system has denial of service and SQL injection vulnerabilities; attackers can send unlimited verification codes to cell phones to consume server...
Information Leakage Vulnerability in CTG's EZH Mobile APP
EZHI Mobile APP is a one-stop human resources services handheld application platform, covering personnel services, health management, flexible benefits and other business areas, providing online human resources services for registered users and the employees they serve. There is an information...
Mai Dot Mall App has SMS Bombing Vulnerability
MacDot Mall APP is an online shopping software. There is a SMS bombing vulnerability in MaiDot Mall APP. The attacker consumes server resources and causes denial of service by sending unlimited CAPTCHAs to cell phones...
Speedmaster Mom and Pop App has SMS Bombing Vulnerability
Speed Maternity App is a shopping application platform for maternity and baby products. There is an SMS bombing vulnerability in the lucky draw section of the Speed Maternity and Baby APP, where an attacker can obtain a specified prize by modifying the function of the prize ID, and consume server...
The Hutchison App has a logical design flaw
HeSeries is a comprehensive mobile service app developed by Chengdu HeSeries Network Technology Co. There is a logic design vulnerability in the HeSeries app. An attacker can log in to any account and reset any registered user's password by blasting the registration verification code and password...
Bonanza Mall App Registry has SMS Bombing Double Verification Vulnerability
Bonanza Mall APP is a shopping software. There is an SMS bombing double verification vulnerability in the registration of Bonong Mall APP. An attacker can exploit this vulnerability to replay packets sending verification codes without restriction and bombard the client with SMS messages...
OWASP ZSC - Shellcode/Obfuscate Code Generator
OWASP ZSC is open source software written in Python that lets you generate customized shellcodes and convert scripts to obfuscated scripts. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes: Shellcodes are small codes in Assembly language which could be used as...