Samsung Galaxy S7 Edge: Overflow in OMACP WbXml String Extension Processing (CVE-2018-10751)
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning information in WbXML. A malformed OMACP WAP push message can cause memory...
Werewolf Online Android App Information Leakage Vulnerability
Werewolf Online is a "werewolf" game for Android. Werewolf Online Android 0.8.8 suffers from an information leakage vulnerability, which can be exploited by an attacker to discover Firebase tokens via logcat output...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...
MakeMyTrip 7.2.4 - Information Disclosure Vulnerability
Exploit for Android platform in category local exploits. Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files; Software Link: MakeMyTrip v7.2.4 Android Application; Exploit Author: Divya Jain; Version: 7.2.4 Android App; CVE: CVE-2018-11242; Category: Mobileapps; Tested on:...
MakeMyTrip 7.2.4 - Information Disclosure
Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files; Date: 2018-05-21; Software Link: MakeMyTrip v7.2.4 Android Application; Exploit Author: Divya Jain; Version: 7.2.4 Android App; CVE: CVE-2018-11242; Category: Mobileapps; Tested on: Android v5.1. 1. Description: Android...
Lenovo Help Android mobile app information disclosure vulnerability
Lenovo Help Android is an Android-based mobile application from Lenovo, a Chinese company, for getting support for Lenovo products. A security vulnerability exists in the Lenovo Help Android mobile application prior to version 6.1.2.0327, which can be exploited to obtain information over an HTTP...
CVE-2018-5298
In the Procter & Gamble "Oral-B App" aka com.pg.oralb.oralbapp application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences...
DuoLingo TinyCards application for Android Man-in-the-Middle Attack Vulnerability
DuoLingo TinyCards application for Android is a memory workout application based on the Android platform. A security vulnerability exists in versions of the DuoLingo TinyCards application for Android prior to version 1.0, which stems from the program's use of unencrypted HTTP, and can be exploite...
CVE-2017-17436
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...
Code injection
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...
Arbitrary Account Password Reset Vulnerability in Netxi Smart Android APP
Netxi Smart Android APP is water purifier monitoring software. It has an arbitrary account password reset vulnerability: an attacker needs only the target user's cell phone number to change that user's password, which can leak the user's sensitive information or cause loss of funds...
Top Smart Android APP has logic design flaws
Top Smart Android APP is a marketing management software for the majority of users. The software can help users keep abreast of information developments and activities in the smart home industry. There is a logic design vulnerability in Top Smart Android APP. Attackers can log in to any account b...
CVE-2017-15998
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network...
CVE-2017-15882
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file...
Command injection
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution...
Remote code execution
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution...
CVE-2017-3760
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution...
Chengdu Municipal People's Government Network Governance Platform Android APP has a privilege-overstepping vulnerability
Chengdu Municipal People's Government Network Governance Platform Android APP is a public service application. There is a privilege-overstepping (unauthorized access) vulnerability in Chengdu Municipal People's Government Network Governance Platform Android APP. After registering and logging into the client, an attacker can...
Logic design flaws in the Android version of Eye Neighborhood App of Aire Eye Group
Eye Neighborhood APP is an all-round eye health management application, which monitors your eye health anytime and anywhere, consults with professional ophthalmologists online, and connects with offline eye health medical products to provide users with professional checkups and treatment services...