Shinex Mobile App Has Logic Design Flaws
Credit Ease Mobile App is software that helps credit managers work efficiently. There is a logical design vulnerability in Xinyik Mobile APP. An attacker can log in to any account by capturing packets and brute-forcing the verification code...
International Islamic University Chittagong: Application fees changeable
When I submit the form of the URL http://119.18.148.140/iiuc/home/apply-online, I intercept the form request and change the 500 into 100. The application did not give the option to change the money, but by intercepting the request we can change the money. Application should removed the application...
Android Private Internet Access Denial Of Service
Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/ SUMMARY: The Android application provided by the Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be...
Dangerous liaisons
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...
Infogram: Stored Cross-Site scripting in the infographics using links
Description: Hello. I discovered that it is possible to conduct a Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request and change the link source to the malicious one, which will result in the Stored XSS. POC...
Cross site scripting
A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...
Recent Wi-Fi KRACK Vulnerability Affects Almost Everyone With an Endpoint
A vulnerability might allow cyber criminals to intercept data being transmitted between Wi-Fi access points and endpoints, recent research has uncovered. The vulnerability, known as KRACK, short for Key Reinstallation Attacks, affects WPA2, which is widely used by many Wi-Fi enabled devices and c...
The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.
The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to access encrypted information transmitted over the...
The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.
The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...
MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK
WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses, aka Key Reinstallation Attacks (KRACK). SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable
A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some...
Appointment app has logic design flaws
Covenant App is an application that offers to sell your time and skills to earn money. There is a logical design loophole in Dating App that allows attackers to register any user and reset user passwords by grabbing packets and modifying cell phone numbers...
Flower Han App Has Logic Design Flaws
Flower Han is a cosmetic surgery and beauty community app. There is a logical design vulnerability in the Flower Han app that allows an attacker to register any user and reset a user's password by grabbing packets and modifying a cell phone number...
Logic design flaws in Jia Yi Chong App
Jia Yi Charge App is a mobile application for city charging pile information inquiry and use. There is a logical design vulnerability in JiaYiCharge App, which allows an attacker to register any user and reset any user's password by grabbing packets and modifying the cell phone number...
CVE-2017-10623 Junos Space: Insufficient verification of cluster messages
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
Arbitrary User Registration and Password Reset Vulnerability in Sapless App
The Paceless App is software that provides cloud-based intelligent menstrual cycle data recording and analysis. There is an arbitrary user registration vulnerability in Snappy Worry-Free App, which allows an attacker to register any user and reset the user's password by capturing packets and...
There are logic design flaws in the Arisu App
Yushu App is a must-have tool for job-seeking created by Touyun Inside and Outside Beijing Network Technology Co. There is a logical design vulnerability in Yushu App, which allows attackers to register any user and reset any user's password by grabbing packets and modifying cell phone numbers...
Security Bypass Vulnerabilities in Multiple Cisco Products
Cisco Nexus 7000 Series Switches, Cisco Adaptive Security Appliance (ASA) and others are products of Cisco (United States). The Cisco Nexus 7000 Series Switches are 7000 series switches; the Cisco...
Arbitrary Account Password Reset Vulnerability in OnStar iOS Client Server
OnStar iOS client is a smart driving system. An arbitrary account password reset vulnerability exists in the OnStar iOS client server. An attacker can reset the password of any client and perform unauthorized operations by intercepting the verification code in a packet...