EUVD-2020-0969

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI...

Android WebView Cross Domain Access Vulnerability

Android WebView web view is a control for displaying html text content on Android platform. Android WebView has a cross domain access vulnerability. The vulnerability occurs because the Android application WebView opens the file domain access, and allows the file domain to access the http domain,...

CVE-2016-6754

A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code...

Google Chrome V8 Engine Remote Code Execution Vulnerability (BadKernel)

Google V8 JavaScript Engine is the United States Google Google company for the Chrome browser developed a set of open source JavaScript engine. A remote code execution vulnerability exists in Google Chrome V8 engine versions 3.20 to 4.2, due to the "observeacceptinvalid" exception type being...

New Dark Web Marketplace Offers Zero-Day Exploits to Hackers

Hackers have sold secrets of zero-day exploits in the underground Dark Web marketplace such as the Silk Road and its various successors for years, and now a new deep web marketplace has appeared that offers anonymity protection to its sellers. A new Dark Web market, called "TheRealDeal," has open...

Boat Browser 8.0 / 8.0.1 Remote Code Execution

CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try temp=myObjectname.getClass.forName'java.lang.Runtime'.getMethod'getRuntime',null.invokenull,null; catche iftemp=="not"...

UBUNTU-CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

Android Browser and WebView addJavascriptInterface - Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Android", :arch = ARCHARMLE, :javascript = true, :rank = ExcellentRanking, :vulntest = %Q| for i in top try...

JVN#86318665: jigbrowser+ for Android vulnerable in the WebView class

jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Updat...