HackApp vulnerability scanner discovered that application WEB.DE Online-Speicher published at the βplayβ market has multiple vulnerabilities.
Are you sure these files should be here?
Native code (.so) usage 'System.loadLibrary();' is found.
Were do they point?
All items deleted with 'file.delete()' could be recovered.
These credentials could be used for authentication.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Control of WebView context allows to access local files.
SD-cards and other external storages have 'worldwide read' policy.
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
CPE | Name | Operator | Version |
---|---|---|---|
web.de online-speicher | le | 3.0.2 |