CVE-2014-0357

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...

Coinbase: Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code

Hi, There's a simple bug here, the Coinbase Android App. "BitCoin Wallet" leaks the OAuth Response Code which can be obtained using adb logcat -s Coinbase command line for testing, and any Android application on the same phone can read the response code for the user by reading the logs. As of now...

JVN#05951929: sp mode mail issue where emails in the process of creation may be accessed

sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android...

Adobe Photo Loader Malware Posts Craigslist Spam

An attacker is going to a lot of trouble to post spam messages to Craigslist. Researchers at Solera Networks have come across an attack where malware is using compromised machines to post poorly worded ads for an Android application marketed at parents for the purposes of monitoring the activitie...

Google WebLogin Tokens Expose Google Apps, User Data

An exposure in the way Google handles authentication is an illustration of the unintended consequences of trading security for a little bit of convenience. Craig Young, a researcher from security company Tripwire, demonstrated at Def Con over the weekend how an Android single sign-on token known ...

TaxiMonger 2.6.2; 2.3.3 (Android) - Persistent Vulnerability

Document Title: =============== TaxiMonger 2.6.2; 2.3.3 Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=972 Release Date: ============= 2013-06-14 Vulnerability Laboratory ID VL-ID: ====================================...

CVE-2013-0720

The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem...

Simeji vulnerable to information disclosure

Overview Simeji contains an issue in the access permissions for the certain files. Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...

CVE-2012-5183

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files...

CVE-2012-4016

The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application...

JVN#90751882: Dolphin Browser vulnerable in the WebView class

Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Upda...

Phone Phreaking using Bluebox Demonstrated in India

Phone Phreaking using Bluebox Demonstrated in India Christy Philip Mathew, an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking...

CVE-2012-1382

Unspecified vulnerability in the Youdao Dictionary com.youdao.dict application 1.6.1, 2.0.12, and 3.0.01 for Android has unknown impact and attack vectors...

Code injection

Unspecified vulnerability in the NetEase WeiboHD com.netease.wbhd application 1.0.0 for Android has unknown impact and attack vectors...

CVE-2012-1399

Unspecified vulnerability in the U+Box 2.0 lg.uplusbox application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors...

Voodoo Carrier IQ detector application released for Android

Voodoo Carrier IQ detector application released forAndroid An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. A new...

Droidsheep : Android Application for Session Hijacking

Droidsheep : Android Application for Session Hijacking Droidsheep is free alternate of faceniff which is available on download droidsheep website for free. Its one click hijacking tool which supports Amazon.de facebook.com flickr.com twitter.com linkdein.com yahoo.com live.com google.de only the...