1377 matches found
Design/Logic Flaw
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification ...
CVE-2020-35456
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging...
CVE-2020-35454
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration...
Code injection
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...
CVE-2020-35456
The CVE-2020-35456 entry concerns the Taidii Diibear Android application version 2.4.0 (and derivatives). The vulnerability is caused by excessive logging that allows attackers who can access logcat to view private chat messages and media files, a partial confidentiality impact. Affected componen...
Janus Signature Vulnerability in QQ Extreme Edition for Android
QQ Extreme is a chatting and socializing app. A Janus signature vulnerability exists in QQ Extreme Edition for Android. An attacker can exploit the vulnerability to gain server privileges...
CVE-2021-27549
Genymotion Desktop (up to 3.2.0) leaks the host clipboard data to the Android application by default. The issue is due to this default behavior, which the vendor states can be changed via Settings > Device screen. Connected sources confirm the affected version range and the remediation path: a...
PT-2021-17502 · Genymotion · Genymotion Desktop
Name of the Vulnerable Software and Affected Versions: Genymotion Desktop versions 3.2.0 and earlier. Description: The issue concerns the leakage of the host's clipboard data to the Android application by default. It is worth noting that the vendor considers this behavior as intended and...
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...
Teamamaze Amazefilemanager Security Vulnerability
Teamamaze Amazefilemanager is a file manager application from Teamamaze team for Android devices. A security vulnerability exists in the Teamamaze Amazefilemanager application prior to version 3.4.2, which stems from an intent to control an FTP server that is not properly restricted...
Security feature bypass
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
Damn-Vulnerable-Bank - Vulnerable Banking Application For Android
Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding of the internals and security aspects of an Android application. How to Use Application: Clone the repository and run the Backend Server as per instructions in the link. We have released t...
Framer Preview 12 Content Injection Vulnerability
Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via a fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the...
CVE-2020-14292
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...
Robot Character Analysis Reveals Trust Issues
By Douglas McKee · August 05, 2020. Retired Marine fighter pilot and Top Gun instructor Dave Berke said “Every single thing you do in your life, every decision you make, is an OODA Loop.” OODA Loop? Observe–Orient–Decide–Act, the “OODA...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
h1-ctf: [h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments
Hi, First things first, the flag of the CTF challenge. F863095 Write-Up I've published my write-up at https://kapytein.nl/texts/2020-06-10-h1-2006-ctf-writeup-2cf34abd3ed/, in order to avoid a lengthy report 😅. TL;DR 1 2FA bypass as we control both values on the comparison. 2 SSRF to...
h1-ctf: [h1-2006 2020] Chained vulnerabilities lead to account takeover
Summary Mårten Mickos lost his account for BountyPay, the new service HackerOne is using to pay bug bounties. In this report I explain how I accessed a customer's account using a log file and bypassed its 2FA validation. I then leverage an open redirect bug to gain access to an internal server an...