ID HACKAPP:NET.POCKETMINE.SERVER.APK
Type hackapp
Reporter Hackapp.org
Modified 2016-04-01T09:30:00
Description
HackApp vulnerability scanner discovered that application PocketMine-MP for Android published at the 'play' market has multiple vulnerabilities.
{"edition": 1, "objectVersion": "1.2", "id": "HACKAPP:NET.POCKETMINE.SERVER.APK", "reporter": "Hackapp.org", "hashmap": [{"hash": "1faf763eba600d15c4b78584ef24ecd9", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "87900002e6ec37bbb09c4dd436cf01d4", "key": "description"}, {"hash": "1115eb0b90891a9137ca06685e5384fe", "key": "hackapp"}, {"hash": "e132ce9d806a36e7bbe1219caa9b34c8", "key": "href"}, {"hash": "bdc526157b315b4d18235cae4698d950", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "bdc526157b315b4d18235cae4698d950", "key": "published"}, {"hash": "c8c6e02776a4fc2c72b498c52b7dd92d", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "7d0656a7720140f333e3f4bee483d49d", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "viewCount": 1, "href": "https://hackapp.com/report/bd414cf6390f26ded717406091280894", "references": ["https://play.google.com/store/apps/details?id=net.pocketmine.server&hl=en"], "hash": "85459994740ab0684f8669cea9ae333d2497e6a754edc4a508941a9d900693e0", "modified": "2016-04-01T09:30:00", "lastseen": "2016-09-26T20:43:35", "cvelist": [], "hackapp": {"apk": "NET.POCKETMINE.SERVER.APK", "icon": "http://lh5.ggpht.com/hzBT0nCoZAWZbicRnRV17SI-n6XwVPHv0EhYkHN_Ycs2Yg4ZxujMb-svCx1Ch8mkyME=w300", "link": "https://play.google.com/store/apps/details?id=net.pocketmine.server&hl=en", "name": "PocketMine-MP for Android", "version": "2.1.4", "bugs": [{"name": "WebView files access", "description": "Control of WebView context allows to access local files.\n\t\t\t", "id": "1fd445875c15bbd87f643c821705af9b", "severity": "medium"}, {"name": "Suspicious files", "description": "Are you sure these files should be here?", "id": "02d7625249e8c3eea2eb8c1d3345c518", "severity": "notice"}, {"name": "Possible privilege escalation", "description": "This app is looking for root tools.", "id": "2fc3fe125ad88bfa68361a53e588caca", "severity": "notice"}, {"name": "Unsafe deleting", "description": "All items deleted with 'file.delete()' could be recovered.", "id": "32019ba43b76b5984edf44b6755616b8", "severity": "notice"}, {"name": "External URLs", "description": "Were do they point?", "id": "0f580e57bf4f28a909a2db808f6f129a", "severity": "notice"}, {"name": "WebView JavaScript enabled", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "id": "322d937991b4d1abffc7c3d5cc9e774c", "severity": "medium"}, {"name": "SD-card access", "description": "SD-cards and other external storages have 'worldwide read' policy.", "id": "d85ae2728511837132132d4313b2c840", "severity": "medium"}, {"name": "Runtime command execution", "description": "Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.", "id": "1cb1487bd27757890209ccc3e1024696", "severity": "medium"}, {"name": "Base64 encoded String", "description": "Base64 encoded string could include authentication credentials.", "id": "c9e5076322edada7ba7fc70d0ecbdfbc", "severity": "critical"}, {"name": "Dynamic Code Loading", "description": "Code for 'DexClassLoader' could be tampered.", "id": "7560bc2bf35bc8866f2c08eb3452e875", "severity": "medium"}], "store": "play", "release": "2014-10-18T00:00:00", "vendor": "PocketMine"}, "type": "hackapp", "description": "HackApp vulnerability scanner discovered that application PocketMine-MP for Android published at the 'play' market has multiple vulnerabilities.", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "published": "2016-04-01T09:30:00", "affectedSoftware": [{"version": "2.1.4", "name": "PocketMine-MP for Android", "operator": "le"}], "history": [], "title": "PocketMine-MP for Android - Base64 encoded String, Dynamic Code Loading, External URLs vulnerabilities", "enchantments": {"vulnersScore": 5.5}}
{"result": {}}
