ID HACKAPP:COM.TREEMENGAMES.PAKO.APK
Type hackapp
Reporter Hackapp.org
Modified 2016-04-01T10:01:31
Description
HackApp vulnerability scanner discovered that application Pako - Car Chase Simulator published at the 'play' market has multiple vulnerabilities.
{"cvelist": [], "published": "2016-04-01T10:01:31", "bulletinFamily": "software", "objectVersion": "1.2", "href": "https://hackapp.com/report/3f3d559b2af42af83ec2f52de1199b16", "lastseen": "2016-09-26T20:43:28", "id": "HACKAPP:COM.TREEMENGAMES.PAKO.APK", "hackapp": {"link": "https://play.google.com/store/apps/details?id=com.treemengames.pako&hl=en", "bugs": [{"description": "Base64 encoded string could include authentication credentials.", "severity": "critical", "id": "b5e9339be3eca506052824711c2ce270", "name": "Base64 encoded String"}, {"description": "SD-cards and other external storages have 'worldwide read' policy.", "severity": "medium", "id": "08cd78e8c9401ddea4e2e2550dc292c0", "name": "SD-card access"}, {"description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "severity": "medium", "id": "f68b0a322051a1332e5c997da7b14ed1", "name": "WebView JavaScript enabled"}, {"description": "Control of WebView context allows to access local files.\n\t\t\t", "severity": "medium", "id": "4130313a9dfbf5c236b42a4ed58c1282", "name": "WebView files access"}, {"description": "Were do they point?", "severity": "notice", "id": "c773a1b36268ba3f686239c3fcd03f85", "name": "External URLs"}, {"description": "All items deleted with 'file.delete()' could be recovered.", "severity": "notice", "id": "9a0bdbf22327d134bb61da01b8197092", "name": "Unsafe deleting"}, {"description": "WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.", "severity": "critical", "id": "2f8e06294d9736d59b8642520e5420aa", "name": "WebView code execution"}, {"description": "Are you sure these files should be here?", "severity": "notice", "id": "03e01dff9bab882699bc76738d08455e", "name": "Suspicious files"}, {"description": "Code for 'DexClassLoader' could be tampered.", "severity": "medium", "id": "216a2f0eccbdb55f32c2205e6ec2bd8c", "name": "Dynamic Code Loading"}], "vendor": "Tree Men Games", "release": "2015-12-29T00:00:00", "version": "1.0.3.6", "apk": "COM.TREEMENGAMES.PAKO.APK", "store": "play", "name": "Pako - Car Chase Simulator", "icon": "http://lh4.ggpht.com/WsCUbrymL__LazQG2SjWTzXMlBUjdEggCInE1oz31w3rDu5K7xye3AaFY_wY2Fl2IUY=w300"}, "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=com.treemengames.pako&hl=en"], "hashmap": [{"hash": "d83b0dab84c195ce527f928aa2e147ac", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "6b9341ca4a7b665a6a16c39ab0341264", "key": "description"}, {"hash": "6db7ac68814e14c83337fbda22c0c924", "key": "hackapp"}, {"hash": "ffc4e5f06fd344e7224e596246e51d5c", "key": "href"}, {"hash": "11d5dfa940fc082585dfe338de239369", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "11d5dfa940fc082585dfe338de239369", "key": "published"}, {"hash": "365f23c73c9a953e7045873aa6692780", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "636398cb598712cd0aabb11376d902f3", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "description": "HackApp vulnerability scanner discovered that application Pako - Car Chase Simulator published at the 'play' market has multiple vulnerabilities.", "modified": "2016-04-01T10:01:31", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 1, "type": "hackapp", "affectedSoftware": [{"name": "Pako - Car Chase Simulator", "operator": "le", "version": "1.0.3.6"}], "title": "Pako - Car Chase Simulator - Base64 encoded String, WebView code execution vulnerabilities", "hash": "882093bae25cfd0869c5fbd175a3b5318ddf82f8783f9bdfdd24d7119aa0d364", "history": [], "edition": 1, "enchantments": {"vulnersScore": 7.5}}
{"result": {}}