1377 matches found
CVE-2020-6828
The Mozilla Foundation Security Advisory describes this flaw as: A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to...
Nord Security: NordVPN Android Application privacy violation due to Google Advertising Identifier misuse
The researcher reported an issue regarding somewhat incorrect GAID usage integration in our application. The concerns were valid and properly addressed by our team...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
Design/Logic Flaw
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2018-20582
The GREE+ aka com.gree.greeplus application 1.4.0.8 for Android suffers from Cross Site Request Forgery...
CVE-2019-11380
The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...
Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 Android Application. (CVE-2019-4501)
Summary A vulnerability was identified and remediated in the MaaS360 Android Application version 6.70. Vulnerability Details CVEID: CVE-2019-4501 DESCRIPTION: When using MaaS360 Android application in Android Enterprise Managed Work Profile Mode using Single Sign-On through a web view application...
Send Anywhere application for Android trust management issue vulnerability
Send Anywhere application for Android is a file transfer application based on Android platform. A trust management issue vulnerability exists in version 9.4.18 of the Send Anywhere application for the Android platform, which stems from a failure of the program to securely store information, which...
CVE-2019-13100
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...
CVE-2019-13099
The Momo application 2.1.9 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat...
CVE-2018-18978
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...
CVE-2019-5767
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK...
Pre-Installed Android App Impacts Millions with Slew of Malicious Activity
A pre-installed Android application on Alcatel smartphones has been found surreptitiously siphoning off geolocation data, email addresses and phone identification numbers and sending the data to a server in China. Analysts with Upstream’s Secure-D platform said that the app, Weather Forecast—Worl...
SAP Fiori Client Design Vulnerability
SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A security vulnerability exists in SAP Fiori Client. An attacker can exploit the vulnerability to remove the SSO configuration with the help of an arbitrary Android application...
CVE-2018-2482
SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018...
How was I to find Donald Daters applications database vulnerabilities-vulnerability warning-the black bar safety net
Monday night as usual I watch TV to pass the time, but there is nothing interesting in the program. So I decided on the phone looking for fun, I started aimlessly on Twitter through various tweets, a Fox News push content caught my attention. ! Someone of Trump's supporters developed a...