Password Bypass Vulnerability in Haiwell Cloud SCADA Android App

Haiwell Cloud SCADA is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co. A password bypass vulnerability exists in the Haiwell Cloud SCADA Android APP. An attacker can bind any other cell phone by intercepting t...

The Little Companion App has a logic design flaw

Little Companion APP is a mobile internet information platform specialized in picking up and dropping off children. There is a logical design vulnerability in Little Companion APP, after the attacker registers, the attacker can arbitrarily register users and arbitrarily reset passwords through th...

Sharing Premium App Has Logic Design Flaws

Shared Premium APP is a mobile software that focuses on saving money on online shopping. Sharing Premium APP has a logical design loophole, the attacker can arbitrarily register users and arbitrarily reset passwords by grabbing packets and bursting verification codes...

Rent 8 Rings APP suffers from Arbitrary Explosion and Arbitrary Login Vulnerability

Rent 8 Rings APP is a cell phone software for online electric car sharing and renting by Jiangsu Rent 8 Rings Intelligent Technology Cable Company. Rent 8 Rings APP exists arbitrary blasting arbitrary login vulnerability. Attackers can log in to the task account by grabbing packets and blasting t...

Aier Eye Group's Eye Neighborhood Doctor's Edition App for Android Has Logic Design Flaws

Eye Neighborhood Doctor Edition App is an application designed and developed for ophthalmologists and ophthalmology practitioners. The Android version of Eye Neighborhood Doctor Edition APP of Aier Ophthalmology Group has a logical design vulnerability, which allows an attacker to reset any accou...

Apache Tomcat CloudBees Jenkins Security Bypass Vulnerability

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. CloudBees Jenkins is one of the set of U.S. CloudBees,...

Logic design flaws in the Android version of Eye Neighborhood App of Aier Eye Group

Eye Neighborhood APP is an all-round eye health management application, which monitors your eye health anytime and anywhere, consults with professional ophthalmologists online, and connects with offline eye health medical products to provide users with professional checkups and treatment services...

EZZY APP Android version of the deposit function module has a payment design loophole

EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...

Payment Design Vulnerabilities in the Top-Up Function Module of EZZY APP Android Version

EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. There is a payment design vulnerability in the recharge function module of EZZY APP Android version. After logging into the system, an attacker can modify the amount in the payment packet by catching the...

CVE-2015-3442

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Code injection

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Cloud Drops Travel App Has Logic Design Flaws

YunDiTrip is a professional intelligent travel platform based on local Yunnan. There is a logical design loophole in the APP of YunDropTrip. After logging into the system, an attacker can arbitrarily register users and perform unauthorized operations by grabbing packets and modifying cell phone...

E-Health Android App suffers from an override access vulnerability

E-Health Android APP is a mobile medical application that aims to improve the patient experience, enhance the service level of medical institutions, and strengthen the communication between doctors and patients. E-Health Android APP has an overstepping access vulnerability, the attacker can view...

Cloud Inspection App for Android suffers from an override access vulnerability

Cloud Inspection is a scanning application authorized by the Entry-Exit Inspection and Quarantine Bureau, which allows you to find out the price, origin, date of entry, inspection and quarantine information of the goods. The Android version of the Cloud Inspection APP has an unauthorized access...

Override Access Vulnerability in Charging Pile Android App

Charging Pile APP is a software that provides electric vehicle owners with information service on the location, number, type and status of charging piles. The Charging Pile Android APP suffers from an overstepping access vulnerability that allows attackers to view arbitrary account information by...

Shenzhen Yuanzheng Technology golo android app has information leakage vulnerability

golo APP is a social networking application that uses instant messaging as a communication platform to connect automotive repair technicians with car owners. Shenzhen Yuanzheng Technology golo Android APP has information leakage vulnerability. The attacker can view the user's sensitive informatio...

Microtransit EV Android App has an override access vulnerability

Microbus EV APP is a car time-share rental service software. Microtransit EV Android APP has an override access vulnerability. After logging into the system, an attacker can view any account information, including user's name, cell phone number, ID number, account amount and other sensitive...

ZTE ADSL ZXV10 W300 Password Interception Vulnerability

The ZTE ADSL ZXV10 W300 is an ADSL modem Modem product from China's ZTE Corporation ZTE. A security vulnerability exists in the ZTE ADSL ZXV10 W300 W300V2.1.0fER7PEO57 version and W300V2.1.0hER7PEO57 version. A remote attacker can exploit this vulnerability to change the administrator password by...

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin"...

Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference

Date: 24-Aug-2017 Product: Trend Micro Hosted Email Security HES Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud...