1377 matches found
CVE-2017-8221
CVE-2017-8221 affects Wireless IP Camera (P2P) WIFICAM devices using the GoAhead HTTP server. The issue combines a pre-auth info leak in the GoAhead web UI that exposes credentials (via system.ini and related files) when accessed with certain URIs, with an authenticated RCE path through the GoAhe...
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
Android Package Inspector: Inspeckage
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...
VeryAndroid SMS & MMS Backup - SD-card access, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application VeryAndroid SMS & MMS Backup published at the 'play' market has multiple vulnerabilities...
X (Formerly Twitter): Vine - overwrite account associated with email via android application
Hi, it's possible to deny any user from logging in to his account by overwriting the password associated with his email. This is not an account takeover because, while we do override the password associated with that specific mail, we just log in to a "new" account and not the user's original one...
Simple Android application service end of the security vulnerability of SQL injection vulnerability and file upload vulnerability-vulnerability warning-the black bar safety net
The first three weeks, the dandelion for everyone brief introduction to the Android application of APP end of the Common Vulnerabilities, they are: Android-developers APP end common security vulnerability interpretation-sensitive information disclosure vulnerability Simple App end security...
HS-110 Smart Plug Account Takeover / Insecure Design
Content Table 1. Introduction 2. The Firmware 3. The Android Application 4. The Problems 5. Conclusion 6. Appendix 6.1. Excursion Dalvik 6.2 Control script 1. Introduction The HS-110 is a Smart Plug meaning it is capable of being controlled with commands via a network. TP-Link released a mobile...
Ali poly security Android application vulnerability scanner analysis: local denial of service detection detailed explanation-vulnerability warning-the black bar safety net
Ali poly security of the Android application vulnerability scanners have a detection item is a local denial of service vulnerability detection using static analysis applied motion blur test of the method to the detection, the detection results are accurate and comprehensive. This article will tal...
China Mobile 139 Mailbox Android V6.6.1 suffers from gesture password plaintext storage vulnerability
139 Mailbox APP is a general-purpose mailbox client launched by China Mobile. A vulnerability exists in the plaintext storage of gesture passwords in China Mobile 139 Mailbox Android V6.6.1. Since the user's gesture password storage is not encrypted, an attacker can utilize the vulnerability to...
Man-in-the-middle attack vulnerabilities in multiple DMM products
DMM FX Trade for Android and others are Android-based applications developed by DMM Securities Inc. of Japan for foreign exchange trade transactions. A security vulnerability exists in several DMM products, which stems from the program's failure to validate SSL server certificates. An attacker...
Free Kids Musical Instruments - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Free Kids Musical Instruments published at the 'play' market has multiple vulnerabilities...
Booster for Android - FREE - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Booster for Android - FREE published at the 'play' market has multiple vulnerabilities...
Auto 4 Android™ Read Message - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Auto 4 Android™ Read Message published at the 'play' market has multiple vulnerabilities...
Photo Editor for Android - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Photo Editor for Android published at the 'play' market has multiple vulnerabilities...
AA App for Android™ - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application AA App for Android™ published at the 'play' market has multiple vulnerabilities...
AC News & Forums for Android™ - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application AC News & Forums for Android™ published at the 'play' market has multiple vulnerabilities...
MOTORRAD für Android - BSD license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application MOTORRAD für Android published at the 'play' market has multiple vulnerabilities...
Video face time for android - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Video face time for android published at the 'play' market has multiple vulnerabilities...
AntiVirus Android - BSD license, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application AntiVirus Android published at the 'play' market has multiple vulnerabilities...
ok.ru: Multiple critical vulnerabilities in Odnoklassniki Android application
Hello, I have recently found several critical vulnerabilities in the Odnoklassniki Android application, which is one of your projects, thus I am reporting it here. The first vulnerability is so-called Intent spoofing. The vulnerability lies in the ability to start the video upload activity of Odnoklassni...