CVE-2018-15898

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...

Ftp Server 1.32 - Credential Disclosure Vulnerability

Exploit for Android platform in category local exploits Exploit Title: Ftp Server 1.32 - Credential Disclosure Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile...

FTP Server 1.32 Credential Disclosure

Exploit Title: Ftp Server 1.32 - Credential Disclosure Date: 2018-05-29 Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile Apps Tested on: Android 4.4 Descriptio...

Werewolf Online 0.8.8 - Information Disclosure

Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link: https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details Exploit Author: ManhNho Version...

Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps

Google has taken a long-awaited step and instituted a public bug bounty focused on finding vulnerabilities in popular mobile apps housed on its Google Play marketplace At the outset, bug-hunters will work directly with developers of popular apps through the HackerOne platform and are in line for...

Calendar from Android 4.4 - Exported components, External URLs, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application Calendar from Android 4.4 published at the 'play' market has multiple vulnerabilities...

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things IoT toy. The device utilizes network connectivity to provide...

Code injection

Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992...

CVE-2015-8072

mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073...

CVE-2015-8073

mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072...

CVE-2014-7915

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708...

One class to rule them all

This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged systemserver process, and then...

Security Advisory- Local Denial of Service Vulnerability in Huawei Ascend P7

Huawei Ascend P7 Sophia-L09 uses Android 4.4, which is the upgrade version of EMUI 3.0. The phone module crashes when a third-party app sends specific broadcast messages or enables specific UIs. Vulnerability ID: HWPSIRT-2014-1233 This vulnerability has been assigned Common Vulnerabilities and...

Android Browser in Android < 4.4 Same Origin Policy Bypass

Binary data 8543.prm...

Android KeyStore Stack Buffer Overflow &#40;CVE-2014-3100&#41;

Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory:...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

Integer overflow

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...

CVE-2014-1909

CVE-2014-1909 is an integer signedness error in Android’s ADB implementation (system/core/adb/adb_client.c) affecting Android 4.4 with Platform Tools 18.0.1. Exploitation could allow an ADB server to execute arbitrary code via a negative length value that defeats a signed check and triggers a sta...

CVE-2013-6770

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then...

CVE-2014-1978

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...