Beginner’s Guide to Disabling ASLR in iOS Apps Address Space Layout Randomization (ASLR) is a security feature in iOS that randomizes where apps load in memory, making it harder for attackers to e...

Summary A publicly accessible internal API testing tool was discovered on Ednovation’s development subdomain. This tool contains hardcoded production credentials and allows unauthenticated users t...

Summary A publicly accessible PHP configuration page (phpinfo()) was discovered on Ednovation’s production subdomain eproject.ednoland.com. The exposure reveals sensitive server configuration deta...

Summary A directory listing exposure was identified on Ednovation’s production subdomain eproject.ednoland.com. The vulnerability reveals sensitive server directories, configuration folders, and i...

Summary A cryptographic weakness was discovered in the AIMath Web App, a math learning platform for children operated by Ednovation. User passwords are stored using the obsolete and insecure MD5 h...

Summary A publicly accessible directory listing was found on Ednovation’s development subdomain, exposing the internal file structure of a web application, including PHP request handlers, code lib...

Summary A critical security flaw was identified in the AIMath Web App, a math learning platform operated by Ednovation, which exposes student and parent personal data via unauthenticated GET APIs....

Summary A SQL injection vulnerability was identified in a backend API supporting Ednovation’s ParentCommApp — a communication platform used by preschools and parents. The vulnerability allows atta...

Summary A critical Insecure Direct Object Reference (IDOR) vulnerability was discovered in Ednovation’s ParentCommApp for iOS, allowing authenticated users to retrieve private data of other childr...

Summary A critical design flaw was discovered in the JWT authentication implementation used by ParentCommApp, an iOS app developed by Ednovation. The app includes a hardcoded shared secret key use...