CVE-2018-17402
The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...
Authentication flaw
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
SAP Business One Android Application Certificate Validation Security Bypass Vulnerability
SAP Business One Android application is Android-based business management software for small businesses from SAP. A certificate validation security bypass vulnerability exists in version 1.2 of the SAP Business One Android application, which can be exploited by an attacker to conduct a...
CVE-2018-2460
SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections. This allows an attacker to perform a MITM attack...
Design/Logic Flaw
SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections. This allows an attacker to perform a MITM attack...
Unspecified vulnerability in BHIM application for Android (CNVD-2019-41446)
BHIM application for Android is an Android-based mobile payment application by National Payments India. A security vulnerability exists in version 1.3 of the National Payments Corporation of India BHIM application for the Android platform. An attacker can exploit the vulnerability to...
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
Hardcoded credentials
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12577
CVE-2017-12577 affects PLANEX CS-QR20 (version 1.30). The Android app ships a hardcoded credential (admin:password) that can be used to access a hidden API URL /goform/SystemCommand, enabling an attacker to execute arbitrary commands with root privileges. This is tied to the Web UI component and ...
CVE-2017-13107
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13108
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Code injection
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack, with all of its encrypted traffic intercepted and read by an attacker...
CVE-2017-13106 Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13105 Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack, with all of its encrypted traffic intercepted and read by an attacker...
CVE-2017-13107 Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Huawei Backup App - Mobile Reset Session Vulnerability
Document Title: Huawei Backup App - Mobile Reset Session Vulnerability. References: https://www.vulnerability-lab.com/getcontent.php?id=1987 Video: https://www.youtube.com/watch?v=YAW9yL1CoW8 Advisory:...
Lenovo Help Android app information disclosure vulnerability
Lenovo Help Android app is a Chinese Lenovo application that provides online support for Lenovo products such as computers, cell phones and data centers. The app is mainly used to check device information and warranty status of Lenovo products, etc. A security vulnerability exists in the...
CVE-2018-12445
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...
Olive Tree Ftp Server application for Android Information Disclosure Vulnerability
Olive Tree Ftp Server application for Android is an application for building FTP servers on the Android platform. A security vulnerability exists in the Olive Tree Ftp Server application for the Android platform. An attacker can exploit the vulnerability to access sensitive data...