Prague-AL00A,Prague-AL00B,Prague-AL00C,Prague-TL00A,Prague-TL10A Security Vulnerabilities

CVE-2017-8175

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a.....

CVE-2017-8171

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some...

CVE-2017-8173

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167...

CVE-2017-8186

The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system...

CVE-2017-8144

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions...

CVE-2017-8144

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions...

CVE-2017-8160

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user....

Security feature bypass

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167...

Code injection

The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system...

Privilege escalation

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions...

Input validation

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a.....

Buffer overflow

The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow.....

Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products

There are ten WPA (Wi-Fi Protected Access) and WPA2 protocol vulnerabilities in some Huawei products: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay,.....

Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone

The CameraISP driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot....

CVE-2017-8144

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions...

CVE-2017-8202

The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow.....

CVE-2017-8173

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167...

Security Advisory - Denial of Service Vulnerability on Huawei Smartphones

There is a denial of service vulnerability on Huawei Smartphones. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085) This vulnerability has been...

Security Advisory - Information Disclosure Vulnerability in the Synaptics Touchscreen Driver

An information disclosure vulnerability in the Synaptics touchscreen driver. An attacker tricks a user into installing a malicious application on the smart phone, and it could enable to access data outside of its permission levels. And cause to the sensitive information leaks. (Vulnerability ID:...

Security Advisory - DOS Vulnerability in Bastet Component of Huawei Smart Phone

The Bastet of some Huawei mobile phones has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. (Vulnerability ID: HWPSIRT-2017-08155) This vulnerability has been...

Security Advisory - FRP Bypass Vulnerability by Talkback in Huawei Smart Phones

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account...

Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products

There are multiple vulnerabilities of the BlueTooth Network in some Huawei products. These vulnerabilities are as follows: 1.Remote Code Execution Vulnerability This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a...

Security Advisory - Use After Free Vulnerability in Madapt Driver of Some Huawei Smart Phones

The Madapt Driver of some Huawei smart phones has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. (Vulnerability ID:...

Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones

The Themes App in some Huawei mobile phones has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. (Vulnerability ID: HWPSIRT-2017-06263) This vulnerability has been.....

Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone

The Bastet of some Huawei mobile phones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. (Vulnerability ID: HWPSIRT-2017-05190)...

Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones

Some Huawei smartphones have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. (Vulnerability ID: HWPSIRT-2017-04120) This...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the.....

LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday. Yevgeniy Aleksandrovich Nikulin, a 29-years-old Russian national,...

FreeRADIUS Update Resolves Authentication Bypass

Developers behind FreeRADIUS, an open source implementation of the 26-year-old RADIUS networking protocol, are encouraging users to update to address an authentication bypass found in the server. While FreeRADIUS is usually run on Linux systems, it can be configured to run on Windows machines. The....

Russian Hacker Behind LinkedIn Breach also Charged with Hacking Dropbox and Formspring

The alleged Russian hacker, who was arrested by the FBI in collaboration with the Czech police, was believed to be the one responsible for massive 2012 data breach at LinkedIn, according to a statement released by LinkedIn. Now, United States authorities have officially indicted Yevgeniy...

Breaking — Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI

The alleged Russian hacker arrested by the FBI in collaboration with the Czech police is none other than the hacker who was allegedly responsible for massive 2012 data breach at LinkedIn, which affected nearly 117 Million user accounts. Yevgeniy N, 29-year-old Russian hacker was arrested in...

Russian Hacker who was wanted by FBI arrested in Prague

UPDATE — It Turns out that the Russian Hacker arrested by the FBI is responsible for 2012 LinkedIn Data Breach. (Read latest update here) Czech police, in cooperation with the FBI, has arrested a Russian citizen in Prague suspected of participating in conducting cyber-attacks against the United...

AVAST (Shop) #18 - Multiple Client Side XSS Vulnerabilities

...

AVAST (Shop) #18 - Multiple Client Side XSS Vulnerabilities

...

AVAST (Business) #17 - Persistent Web Vulnerability

...

AVAST (Business) #17 - Persistent Web Vulnerability

...

AVAST Business #14 - Client Side Cross Site Vulnerability

...

AVAST Business #14 - Client Side Cross Site Vulnerability

...

AVAST #13 - Persistent Cross Site Scripting Vulnerability

...

AVAST #13 - Persistent Cross Site Scripting Vulnerability

...

AVAST (My) #15 - (frontend.exception) CS XSS Vulnerability

...

AVAST (My) #15 - (frontend.exception) CS XSS Vulnerability

...

Subway Simulator Prague Metro - Dynamic Code Loading, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Subway Simulator Prague Metro published at the 'play' market has multiple...

Prague Offline City Map Lite - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Prague Offline City Map Lite published at the 'play' market has multiple...

Prague Travel Guide - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Prague Travel Guide published at the 'play' market has multiple...

Prague Metro Map - Base64 encoded String, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Prague Metro Map published at the 'play' market has multiple...

praguehotels.cz XSS vulnerability

Vulnerable URL: https://www.praguehotels.cz/prague-hotels?page=%3Csvg%20onload=alert%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 18345708 Google Pagerank| 4...

Design Flaws Make Drones Vulnerable to Cyber-Attacks

In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones (MalDrone), or Weaponized drones getting legal, or Drones hacking smartphones. And now the reports depict... Security Researcher has showcased a.....

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS

UPDATE Apple pushed out its latest operating system, El Capitan, yesterday, and while it boasts many security fixes, the update fails to address the outstanding vulnerability in Gatekeeper that came to light this week. The issue with Gatekeeper, as described yesterday by Patrick Wardle, the...

Deadly Simple Exploit Bypasses Apple Gatekeeper Security to Install Malicious Apps

Apple Mac Computers are considered to be invulnerable to malware, but the new Exploit discovered by security researchers proves it indeed quite false. Patrick Wardle, director of research at security firm Synack, has found a deadly simple way that completely bypass one of the core security...