Logic design flaws in Zhongxinxin Sharing App

Zhongxinxin Sharing App is a car sharing software that allows you to book car reservations online. There is a logical design vulnerability in Zhongxinxin Sharing APP. An attacker can reset any password by grabbing packets to get the verification code through the forgot password function...

Lyst: Bypassing one-time checkout router page (revealing payment information)

Description: ======== When user submits for a checkout, the checkout router page /checkout-router/ID/ is accessible only once, which can be bypassed by crafting the checkout ID in cookie basketkey send to the page /new/checkout/order/. combining with brute-force attack, if the ID is valid a resul...

Logic design flaws in Panda TV APP Android version

Panda TV mobile video client is a mobile video online playback platform jointly created by Sichuan Golden Panda New Media Co. There is a logical design loophole in the Android version of Panda TV APP, which allows attackers to register an account arbitrarily by grabbing packets and modifying the...

There is a logic design flaw in the Kaiyen Gold app

Kaiyan Gold Service app is a financial management software. There is a logical design vulnerability in the Kaiyan Gold Service app. The vulnerability is due to the registration of not doing any verification restrictions, the attacker through the packet bursting and intercept the return of the...

Here’s How Hackers Can Hijack Your Online Bitcoin Wallets

Researchers have been warning for years about critical issues with the Signaling System 7 SS7 that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available...

Hongyi Environmental Protection Android App Has Logic Design Flaws

Hongyi Environmental Android APP is an air purifier management tool. There is a logical design vulnerability in the Android APP of Hongyi Environmental Protection. Because the program fails to verify the verification code when performing registration, an attacker can bypass the verification code ...

Arbitrary Account Password Reset Vulnerability in Hongyi Environmental Protection Android APP

Hongyi Environmental Android APP is an air purifier management tool. There is an arbitrary account password reset vulnerability in Hongyi Environmental Protection Android APP. After logging into the system, an attacker can reset any password by grabbing packets and modifying them through the forg...

Password Bypass Vulnerability in Haiwell Cloud SCADA Android App

Haiwell Cloud SCADA is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co. A password bypass vulnerability exists in the Haiwell Cloud SCADA Android APP. An attacker can bind any other cell phone by intercepting t...

The Little Companion App has a logic design flaw

Little Companion APP is a mobile internet information platform specialized in picking up and dropping off children. There is a logical design vulnerability in Little Companion APP, after the attacker registers, the attacker can arbitrarily register users and arbitrarily reset passwords through th...

Sharing Premium App Has Logic Design Flaws

Shared Premium APP is a mobile software that focuses on saving money on online shopping. Sharing Premium APP has a logical design loophole, the attacker can arbitrarily register users and arbitrarily reset passwords by grabbing packets and bursting verification codes...

Aier Eye Group's Eye Neighborhood Doctor's Edition App for Android Has Logic Design Flaws

Eye Neighborhood Doctor Edition App is an application designed and developed for ophthalmologists and ophthalmology practitioners. The Android version of Eye Neighborhood Doctor Edition APP of Aier Ophthalmology Group has a logical design vulnerability, which allows an attacker to reset any accou...

Rent 8 Rings APP suffers from Arbitrary Explosion and Arbitrary Login Vulnerability

Rent 8 Rings APP is a cell phone software for online electric car sharing and renting by Jiangsu Rent 8 Rings Intelligent Technology Cable Company. Rent 8 Rings APP exists arbitrary blasting arbitrary login vulnerability. Attackers can log in to the task account by grabbing packets and blasting t...

Apache Tomcat CloudBees Jenkins Security Bypass Vulnerability

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. CloudBees Jenkins is one of the set of U.S. CloudBees,...

Logic design flaws in the Android version of Eye Neighborhood App of Aier Eye Group

Eye Neighborhood APP is an all-round eye health management application, which monitors your eye health anytime and anywhere, consults with professional ophthalmologists online, and connects with offline eye health medical products to provide users with professional checkups and treatment services...

EZZY APP Android version of the deposit function module has a payment design loophole

EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...

Payment Design Vulnerabilities in the Top-Up Function Module of EZZY APP Android Version

EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. There is a payment design vulnerability in the recharge function module of EZZY APP Android version. After logging into the system, an attacker can modify the amount in the payment packet by catching the...

CVE-2015-3442

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Code injection

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Cloud Drops Travel App Has Logic Design Flaws

YunDiTrip is a professional intelligent travel platform based on local Yunnan. There is a logical design loophole in the APP of YunDropTrip. After logging into the system, an attacker can arbitrarily register users and perform unauthorized operations by grabbing packets and modifying cell phone...

E-Health Android App suffers from an override access vulnerability

E-Health Android APP is a mobile medical application that aims to improve the patient experience, enhance the service level of medical institutions, and strengthen the communication between doctors and patients. E-Health Android APP has an overstepping access vulnerability, the attacker can view...