1377 matches found
The deposit function module of the EZZY APP Android version has a payment design loophole
EZZY APP is an intelligent car-sharing platform app created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...
Milwaukee ONE-KEY Android mobile application unauthorized operation vulnerability
Milwaukee ONE-KEY Android mobile application is an automation tool control program based on the Android platform from Milwaukee Tool. A security vulnerability exists in the Milwaukee ONE-KEY Android mobile application. The vulnerability can be exploited by remote attackers to perform user actions...
Directory Traversal Vulnerability in Hiroshima Carsharing App Android Version
Hiroshima Car Sharing App is a car rental software. There is a directory traversal vulnerability in the Android version of Hongyang Shared Car APP, which can be exploited by an attacker to directly view and download sensitive information such as ID card, driver's license, db file, code...
Cloud Inspection App for Android has a logic flaw
Cloud Inspection is a scanning application authorized by the Entry-Exit Inspection and Quarantine Bureau, which allows you to find out the price, origin, date of entry, inspection and quarantine information of the goods. There is a logical loophole in the Android version of the Cloud Inspection...
Microtransit EV Android App Has Logic Design Flaws
Microbus EV APP is a car time-share rental service software. Microtransit EV Android APP has a logical design vulnerability: the attacker logs into the system by grabbing packets to modify the user ID, logs into any account, and also performs unauthorized operations, such as funds consumption...
Shenzhen Yuanzheng Technology golo Android APP has an arbitrary account login vulnerability
golo APP is a social networking application that uses instant messaging as a communication platform to connect automotive repair technicians with car owners. A vulnerability exists in Shenzhen Yuanzheng Technology's golo Android APP that allows an attacker to log in to any account. An attacker ca...
APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities
APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android. For more information on what this tool can be used for, check out: Android Compiler Fingerprinting Detecting Pirated and Malicious Android Apps...
China Aerospace Science and Industry Corporation (CASIC) Aerospace 731 Hospital Android APP suffers from an unauthorized access vulnerability
"Aerospace 731 Hospital" is the official cell phone application software launched by China Aerospace Science and Industry Corporation CASIC 731 Hospital, aiming to simplify the medical process, reduce the waiting time for medical treatment on the basis of the hospital's existing services,...
Shenzhen Armed Police Hospital Android APP has an information leakage vulnerability
"Shenzhen Armed Police Hospital" is the official cell phone application software of Shenzhen Armed Police Hospital, designed to simplify the process of medical treatment on the basis of the hospital's existing services, reduce the waiting time for medical treatment, and make it convenient for patients to seek...
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Virtual Postage VPA - Man In The Middle Remote Code Execution Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT Software Link: N/A...
Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net
The 360 Vulpecker team is part of the 360 Information Security Department and is committed to Android application and system-layer vulnerability discovery as well as other Android security research. We passed on the CTS frame of the research, the preparation of a vulnerability detection aspect of the...
CVE-2017-3749
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750...
Unauthorized Access Vulnerability in BuyGift.com App (Android Version)
BuyGift.com APP is a mobile client that provides users with online shopping services. A vulnerability exists in BuyGift.com APP Android version that allows an attacker to gain unauthorized access to other people's receipt information...
SAP Business One For Android 1.2.3 XML Injection
Exploit Title: Blind XXE XML External Entity in SAP Date of Disclosure: 17/05/2017 Author: Ravindra Singh Rathore Vendor Homepage: https://www.sap.com/products/business-one.html Product - SAP Business One Android Application Version - 1.2.3 Security Note: 2378065 CVE - CVE-2016-6256 CVSS - 6.5 XXE...
SAP Business One for Android 1.2.3 - XML External Entity Injection Vulnerability
Exploit for Android platform in category web applications Exploit Title: Blind XXE XML External Entity in SAP Date of Disclosure: 17/05/2017 Author: Ravindra Singh Rathore Vendor Homepage: https://www.sap.com/products/business-one.html Product - SAP Business One Android Application Version - 1.2.3...
SAP Business One for Android 1.2.3 - XML External Entity Injection
Exploit Title: Blind XXE XML External Entity in SAP Date of Disclosure: 17/05/2017 Author: Ravindra Singh Rathore Vendor Homepage: https://www.sap.com/products/business-one.html Product - SAP Business One Android Application Version - 1.2.3 Security Note: 2378065 CVE - CVE-2016-6256 CVSS - 6.5 XXE...
Default credentials
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...
Inspeckage - (Android Package Inspector) Dynamic Analysis With Api Hooks, Start Unexported Activities And More
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. http://ac-pm.github.io/Inspeckage https://twitter.com/inspeckage...
CVE-2017-8221
Wireless IP Camera P2P WIFICAM devices rely on a cleartext UDP tunnel protocol aka the Cloud feature for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network...
Design/Logic Flaw
Wireless IP Camera P2P WIFICAM devices rely on a cleartext UDP tunnel protocol aka the Cloud feature for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network...