Tongcun Village App suffers from arbitrary user login vulnerability
Tongcun Village App is a smart travel application for villagers. There is an arbitrary user login vulnerability in Tongcun Village APP. Attackers can log in to any user account by capturing packets and brute-forcing the verification code...
Men's Health App Has Arbitrary User Login Vulnerability
Men's Health App is a men's health support tool app. There is an arbitrary user login vulnerability in Men's Health APP. Attackers can log in to any registered account by capturing packets to get the verification code...
4S Circle App has arbitrary account registration vulnerability
4S Circle APP is a handheld tool that connects 4S stores and used car trading. 4S Circle APP has an arbitrary account registration vulnerability. Attackers can register any account by grabbing packets to get the verification code...
EYEE Beehive App Has Logic Design Flaws
EYEE Bee Tide App is an online shopping app. There is a logical design vulnerability in EYEE Beehive APP. An attacker can register any account and reset any password by capturing packets and brute-forcing the verification code...
Fast Teeth App Has Logic Design Flaws
Fast Teeth APP is a cell phone transfer software. There is a logical design vulnerability in Fast Teeth APP. Attackers can register any account by capturing packets and brute-forcing the verification code...
ThunderShell - PowerShell based RAT
ThunderShell is a PowerShell-based RAT that relies on HTTP requests to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies: apt install redis-server, apt install python-redis. Logs: All errors, HTTP requests and...
The vulnerability of Advantech WebAccess remote monitoring software, related to the manipulation of cross-site requests, allows a hacker to intercept the authentication of any user.
The vulnerability of Advantech WebAccess remote monitoring software relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the authentication of any user using special scripts to simulate trusted accounts...
Huishang Xingbang App Has Logic Design Flaws
Huishang Xingbang is a resource docking platform for SMEs jointly built by Changzhou Chamber of Commerce Comprehensive Service Center and Changzhou Huishang Xingbang Enterprise Service Co. There is a logical design vulnerability in Huishang Xingbang App, which allows an attacker to log in to any...
ExamCert App Has Logic Design Flaws
Examination Treasure is a mobile learning application, launched by Shanghai Windmill Education Science and Technology Limited Company, that combines learning and practice in all aspects. There is a logical design vulnerability in ExamCert App that allows an attacker to reset any accou...
Apple macOS High Sierra and iOS Mail Drafts Email Interception Vulnerability
Apple macOS High Sierra and iOS are both products of Apple Inc. Apple macOS High Sierra is a dedicated operating system for Mac computers. iOS is an operating system for mobile devices. Mail Drafts is one of the email drafts components. A security vulnerability exists in the Mail Drafts component...
Smart Transit App Has Logic Design Flaws
Smart Bus App is a bus route search software. There is a logical design vulnerability in Smart Bus App, which allows an attacker to register any user and reset any user's password by grabbing packets...
Logic Design Vulnerability in TouTou Shared Bike Android APP (CNVD-2017-32466)
TouTou Shared Bike Android APP is a shared bike travel software for cities. There is a logical design vulnerability in TouTou Shared Bike Android APP. After registering and logging into the system, an attacker can arbitrarily modify the payment amount by confirming the recharge...
Road to Health Android App Has Logic Design Flaws
Health Road APP is a medical service platform that provides users with services such as registration, consultation, physical examination and accompanying consultation. A logic design vulnerability exists in the Health Road Android APP. The vulnerability is due to the failure of the Alipay payment...
Logic design flaws in Zhongxinxin Sharing App
Zhongxinxin Sharing App is a car sharing software that allows you to book car reservations online. There is a logical design vulnerability in Zhongxinxin Sharing APP. An attacker can reset any password by grabbing packets to get the verification code through the forgot password function...
Lyst: Bypassing one-time checkout router page (revealing payment information)
Description: When a user submits a checkout, the checkout router page /checkout-router/ID/ is accessible only once, which can be bypassed by crafting the checkout ID in the cookie basketkey sent to the page /new/checkout/order/. Combined with a brute-force attack, if the ID is valid a resul...
Logic design flaws in Panda TV APP Android version
Panda TV mobile video client is a mobile video online playback platform jointly created by Sichuan Golden Panda New Media Co. There is a logical design loophole in the Android version of Panda TV APP, which allows attackers to register an account arbitrarily by grabbing packets and modifying the...
There is a logic design flaw in the Kaiyen Gold app
Kaiyan Gold Service app is a financial management software. There is a logical design vulnerability in the Kaiyan Gold Service app. The vulnerability arises because registration applies no verification restrictions; the attacker, through packet brute-forcing and intercepting the return of the...
Here’s How Hackers Can Hijack Your Online Bitcoin Wallets
Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available...
Hongyi Environmental Protection Android App Has Logic Design Flaws
Hongyi Environmental Android APP is an air purifier management tool. There is a logical design vulnerability in the Android APP of Hongyi Environmental Protection. Because the program fails to verify the verification code when performing registration, an attacker can bypass the verification code ...
Arbitrary Account Password Reset Vulnerability in Hongyi Environmental Protection Android APP
Hongyi Environmental Android APP is an air purifier management tool. There is an arbitrary account password reset vulnerability in Hongyi Environmental Protection Android APP. After logging into the system, an attacker can reset any password by grabbing packets and modifying them through the forg...