Sharing Premium App Has Logic Design Flaws
Shared Premium APP is mobile software that focuses on saving money on online shopping. Sharing Premium APP has a logic design flaw: an attacker can register arbitrary users and reset arbitrary passwords by capturing packets and brute-forcing verification codes...
Denial of Service Vulnerability in Wireless Suzhou APP Registration
Wireless Suzhou APP is the "Internet +" city life application software created by Suzhou Radio and TV Station Group. A denial of service vulnerability exists in the registration of Wireless Suzhou APP, which allows an attacker to send unlimited verification codes to a cell phone, consuming server...
Logic design flaws in BMS CRM APP
CRM APP is a mobile sales customer management platform developed by Xiamen Ruipu Software Technology Co. CRM APP has a logic design flaw: by capturing the packets of the forgot-password function, an attacker can obtain the verification code and then arbitrarily register users and reset any passwo...
Logic design flaws in the Ten Cent Share app
Dime Share app is a smart ad push platform that enables users to get cash rewards by clicking on business information posters. A logical design vulnerability exists in the Dime Share app. An attacker can reset and log into other users' systems by capturing authentication codes in a packet...
Logic design flaws in the Android version of Eye Neighborhood App of Aire Eye Group
Eye Neighborhood APP is an all-round eye health management application, which monitors your eye health anytime and anywhere, consults with professional ophthalmologists online, and connects with offline eye health medical products to provide users with professional checkups and treatment services...
Microsoft Windows kernel pool overflow vulnerability: exploitation using mixed kernel object spraying - vulnerability warning - the black bar safety net
In this article I will first briefly introduce the basics of exploiting Windows kernel pool overflow vulnerabilities, and how to spray the kernel pool with a mix of kernel objects and overwrite TypeIndex to achieve exploitation. 0x01 the first volume In the added complet...
Denial of Service Vulnerability in EZZY APP for Android
EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. A denial of service vulnerability exists in the Android version of EZZY APP, which allows an attacker to traverse a cell phone number and consume server resources by sending an unlimited number of...
Huicheng Gold app has logic design flaws
The Huicheng Gold app is an internet-based lending software. There is a logical design vulnerability in the Huicheng Gold Service app. Attackers can log into other users' systems, reset arbitrary passwords and perform unauthorized operations by capturing verification codes through packet grabbing...
Phoenix Gold app has logic design flaws
Phoenix Gold app is a financial information service platform created by Shenzhen Jinshi Internet Financial Service Co. Phoenix Gold Service app has a logical design vulnerability. Attackers can log in to other users' systems, reset arbitrary passwords and perform unauthorized operations by...
Six Degrees of Gold app has logic design flaws
Six Degrees Gold app is an internet investment banking platform. Six Degrees of Gold app has a logical design vulnerability. Attackers can log into other users' systems, reset arbitrary passwords and perform unauthorized operations by capturing authentication codes in a packet...
Rice Gold app has logic design flaws
Paddy Gold app is a financial service platform created by Xiamen Golden Paddy Financial. A logical design vulnerability exists in the Paddy Gold app. Attackers can log in to other users' systems, reset arbitrary passwords and perform unauthorized operations by capturing authentication codes in a...
CVE-2017-13774
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors...
Yiwu Shopping App has Denial of Service Vulnerability
Yiwubuy APP is a B2B small commodities wholesale and retail procurement platform. Yiwu Shopping APP has a denial-of-service vulnerability that allows attackers to traverse cell phone numbers and consume server resources by sending unlimited verification codes to cell phones, resulting in a denial...
MacroAsia Financial App Has Logic Design Flaws
Hongya Finance is an internet financial information intermediary platform operated by Hangzhou Hongya Financial Information Service Co., Ltd, focusing on supply chain finance and asset package transfer business. There is a logical design loophole in the APP of Hongya Financial, and the attacker c...
A vulnerability in the Oniguruma library, an out-of-bounds write on the stack, allows an attacker to cause a denial of service.
The vulnerability in the Oniguruma library exists due to improper handling of the code point 0xFFFFFFFF in the unicode_unfold_key function during the compilation of regular expressions. As a result, when the onigenc_unicode_get_case_fold_codes_by_str function is called, 4 bytes will be written at th...
Android Trojan Now Targets Non-Banking Apps that Require Card Payments
The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the...
CVE-2017-7551
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts...
DEBIAN-CVE-2017-7551
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts...
Authentication flaw
DISPUTED An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the...
CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...