{"href": "https://hackapp.com/report/afa882eb1fef3093ab40e6a576d5267d", "history": [], "id": "HACKAPP:COM.ANQAGAME.CENTRUM.APK", "reporter": "Hackapp.org", "published": "2017-05-27T05:53:36", "description": "HackApp vulnerability scanner discovered that application Centrum published at the 'play' market has multiple vulnerabilities.", "title": "Centrum - External URLs, Possible privilege escalation, SD-card access vulnerabilities", "lastseen": "2017-05-27T05:51:11", "bulletinFamily": "software", "type": "hackapp", "cvss": {"score": 0.0, "vector": "NONE"}, "hash": "bb1a1c7d48e4c27acad0148fe76bce71d798672d55f23b11fcd21e825adc7e2b", "references": ["https://play.google.com/store/apps/details?id=com.anqagame.centrum&hl=en"], "edition": 1, "hackapp": {"store": "play", "icon": "http://lh3.googleusercontent.com/J4r9mSWTw8SqfOylL4mZ5a-Q2RIVyWgSr1CKSbs2EG9AunUdIlgP-cvIN1Kf8qVXC_IJ=w300", "apk": "COM.ANQAGAME.CENTRUM.APK", "vendor": "Anqa Game", "release": "2017-03-11T00:00:00", "bugs": [{"id": "559dfdfc58675091b1bd29a2c1c2c518", "severity": "notice", "name": "Unsafe deleting", "description": "All items deleted with 'file.delete()' could be recovered."}, {"id": "27b3c7d93950a82fe20092eafa1a5df0", "severity": "medium", "name": "WebView JavaScript enabled", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks."}, {"id": "00f799153f2395e361fe0e15fa153ec9", "severity": "notice", "name": "Suspicious files", "description": "Are you sure these files should be here?"}, {"id": "6f51fe90393ee56c13cb3c5f384d5290", "severity": "notice", "name": "External URLs", "description": "Were do they point?"}, {"id": "1644cccea469552d07e93eecd3d10230", "severity": "medium", "name": "WebView files access", "description": "Control of WebView context allows to access local files.\n\t\t\t"}, {"id": "c915f8303fe0abda2f60c8bf1925759a", "severity": "critical", "name": "WebView code execution", "description": "WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible."}, {"id": "ff1f8374be1c8ebe9ed06dbce4540204", "severity": "notice", "name": "Possible privilege escalation", "description": "This app is looking for root tools."}, {"id": "bbf49ad73fa5396695b682a4635661ca", "severity": "medium", "name": "SD-card access", "description": "SD-cards and other external storages have 'worldwide read' policy."}], "link": "https://play.google.com/store/apps/details?id=com.anqagame.centrum&hl=en", "name": "Centrum", "version": "1.0.1"}, "cvelist": [], "affectedSoftware": [{"name": "Centrum", "operator": "le", "version": "1.0.1"}], "viewCount": 0, "enchantments": {"score": {"value": 1.2, "vector": "NONE", "modified": "2017-05-27T05:51:11"}, "dependencies": {"references": [], "modified": "2017-05-27T05:51:11"}, "vulnersScore": 1.2}, "hashmap": [{"key": "affectedSoftware", "hash": "8d4302b5ce35d11fdc8226a207f34bf7"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "8a036456dd855d41518e20efd4a86797"}, {"key": "hackapp", "hash": "edf70ea924bf34616deeb4d69aa25894"}, {"key": "href", "hash": "6928b90628971f199a917e97852b91ba"}, {"key": "modified", "hash": "88f2207fc034068aa29f573cb69ee96b"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "88f2207fc034068aa29f573cb69ee96b"}, {"key": "references", "hash": "839655a8fa9e7cb759273e6c27a16a7f"}, {"key": "reporter", "hash": "3b012aae1848bb95fe11f3cebae83cb0"}, {"key": "title", "hash": "5ccf0cf9c42fc6654d7b66755b3e4af6"}, {"key": "type", "hash": "96e87ef1fcc8d9d3cdd337488987c423"}], "objectVersion": "1.2", "modified": "2017-05-27T05:53:36"}

{}