Flower Han App Has Logic Design Flaws

Flower Han is a cosmetic surgery and beauty community app. There is a logical design vulnerability in the Flower Han app that allows an attacker to register any user and reset a user's password by grabbing packets and modifying a cell phone number...

Logic design flaws in Jia Yi Chong App

Jia Yi Charge App is a mobile application for city charging pile information inquiry and use. There is a logical design vulnerability in JiaYiCharge App, which allows an attacker to register any user and reset any user's password by grabbing packets and modifying the cell phone number...

CVE-2017-10623 Junos Space: Insufficient verification of cluster messages

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...

Arbitrary User Registration and Password Reset Vulnerability in Sapless App

The Paceless App is a software that provides cloud-based intelligent menstrual cycle data recording and analysis. There is an arbitrary user registration vulnerability in Snappy Worry-Free App, which allows an attacker to register any user and reset the user's password by catching packets and...

There are logic design flaws in the Arisu App

Yushu App is a must-have tool for job-seeking created by Touyun Inside and Outside Beijing Network Technology Co. There is a logical design vulnerability in Yushu App, which allows attackers to register any user and reset any user's password by grabbing packets and modifying cell phone numbers...

Security Bypass Vulnerabilities in Multiple Cisco Products

Cisco Nexus 7000 Series Switches and so on are the products of the United States Cisco Cisco.Cisco Nexus 7000 Series Switches are 7000 series switches; Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance The Cisco Nexus 7000 Series Switches are 7000 series switches; the Cisco...

Arbitrary Account Password Reset Vulnerability in OnStar iOS Client Server

OnStar iOS client is a smart driving system. An arbitrary account password reset vulnerability exists in the OnStar iOS client server. An attacker can reset the password of any client and perform unauthorized operations by intercepting the verification code in a packet...

Tongcun Village App suffers from arbitrary user login vulnerability

Tongcun Village App is a smart travel application for villagers. There is an arbitrary user login vulnerability in Tongcun Village APP. Attackers can log in to any user account by grabbing packets and bursting the verification code...

Men's Health App Has Arbitrary User Login Vulnerability

Men's Health App is a men's health support tool app. There is an arbitrary user login vulnerability in Men's Health APP. Attackers can login to any account registration by grabbing packets to get the verification code...

4S Circle App has arbitrary account registration vulnerability

4S Circle APP is a handheld tool that connects 4S stores and used car trading. 4S Circle APP has an arbitrary account registration vulnerability. Attackers can register any account by grabbing packets to get the verification code...

EYEE Beehive App Has Logic Design Flaws

EYEE Bee Tide App is an online shopping app. There is a logical design vulnerability in EYEE Beehive APP. An attacker can register any account and reset any password by grabbing packets and bursting the verification code...

Fast Teeth App Has Logic Design Flaws

Fast Teeth APP is a cell phone transfer software. There is a logical design vulnerability in Fast Teeth APP. Attackers can register any account by grabbing packets and blasting the verification code...

ThunderShell - PowerShell based RAT

ThunderShell is a Powershell based RAT that rely on HTTP request to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies apt install redis-server apt install python-redis Logs Every errors, http requests and...

The vulnerability of Advantech WebAccess remote monitoring software, related to the manipulation of cross-site requests, allows a hacker to intercept the authentication of any user.

The vulnerability of Advantech WebAccess remote monitoring software relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the authentication of any user using special scripts to simulate trusted accounts...

Huishang Xingbang App Has Logic Design Flaws

Huishang Xingbang is a resource docking platform for SMEs jointly built by Changzhou Chamber of Commerce Comprehensive Service Center and Changzhou Huishang Xingbang Enterprise Service Co. There is a logical design vulnerability in Huishang Xingbang App, which allows an attacker to log in to any...

ExamCert App Has Logic Design Flaws

Examination treasure is by the Shanghai windmill education science and technology limited company launched all aspects of learning and practicing combination of mobile learning application software. There is a logical design vulnerability in ExamCert App that allows an attacker to reset any accou...

Apple macOS High Sierra and iOS Mail Drafts Email Interception Vulnerability

Apple macOS High Sierra and iOS are both products of Apple Inc. Apple macOS High Sierra is a dedicated operating system for Mac computers. iOS is an operating system for mobile devices. Mail Drafts is one of the email drafts components. A security vulnerability exists in the Mail Drafts component...

Smart Transit App Has Logic Design Flaws

Smart Bus App is a bus route search software. There is a logical design vulnerability in Smart Bus App, which allows an attacker to register any user and reset any user's password by grabbing packets...

Logic Design Vulnerability in TouTou Shared Bike Android APP (CNVD-2017-32466)

TouTou Shared Bike Android APP is a shared bike travel software for cities. There is a logical design vulnerability in TouTou Shared Bicycle Android APP. After registering and logging into the system, an attacker can arbitrarily modify the size of the payment amount by confirming the recharge...

Road to Health Android App Has Logic Design Flaws

Health Road APP is a medical service platform that provides users with services such as registration, consultation, physical examination and accompanying consultation. A logic design vulnerability exists in the Health Road Android APP. The vulnerability is due to the failure of the Alipay payment...