Beginner's Guide to Disabling ASLR in iOS Apps
Address Space Layout Randomization (ASLR) is a security feature in iOS that randomizes where apps load in memory, making it harder for attackers to e...
Summary: A publicly accessible internal API testing tool was discovered on Ednovation’s development subdomain. This tool contains hardcoded production credentials and allows unauthenticated users t...
Summary: A publicly accessible PHP configuration page (phpinfo()) was discovered on Ednovation’s production subdomain eproject.ednoland.com. The exposure reveals sensitive server configuration deta...
Summary: A directory listing exposure was identified on Ednovation’s production subdomain eproject.ednoland.com. The vulnerability reveals sensitive server directories, configuration folders, and i...
Summary: A cryptographic weakness was discovered in the AIMath Web App, a math learning platform for children operated by Ednovation. User passwords are stored using the obsolete and insecure MD5 h...
Summary: A publicly accessible directory listing was found on Ednovation’s development subdomain, exposing the internal file structure of a web application, including PHP request handlers, code lib...
Summary: A critical security flaw was identified in the AIMath Web App, a math learning platform operated by Ednovation, which exposes student and parent personal data via unauthenticated GET APIs....
Summary: A SQL injection vulnerability was identified in a backend API supporting Ednovation’s ParentCommApp — a communication platform used by preschools and parents. The vulnerability allows atta...
Summary: A critical Insecure Direct Object Reference (IDOR) vulnerability was discovered in Ednovation’s ParentCommApp for iOS, allowing authenticated users to retrieve private data of other childr...
Summary: A critical design flaw was discovered in the JWT authentication implementation used by ParentCommApp, an iOS app developed by Ednovation. The app includes a hardcoded shared secret key use...