489 matches found

Cvelist
added 2024/05/03 2:13 a.m., 9 views

CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...

CVSS: 8, AI score: 8.3, EPSS: 0.00757
Exploits: 0, References: 1

Vulnrichment
added 2024/05/03 2:13 a.m., 17 views

CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...

CVSS: 8, AI score: 7.7, EPSS: 0.00757
Exploits: 0, References: 1

Cvelist
added 2024/04/22 12:0 a.m., 17 views

CVE-2023-38292

Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy versionCode='2', versionName='v11.0.1.0.0201.0' that allows local third-party apps to programmatically perform a factory reset due to inadequate acces...

AI score: 6.4, EPSS: 0.0036
Exploits: 0, References: 1

Positive Technologies
added 2024/01/03 12:0 a.m., 4 views

PT-2024-14837 · Genie Company · Aladdin Connect Mobile Application

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Mobile Application versions 5.65 Build 2075 and below. Description: The issue concerns the storage of users' product account authentication data in clear text within the application. This allows an attacker wi...

CVSS: 6.8, AI score: 7, EPSS: 0.00419
Exploits: 0, References: 7

GoogleProjectZero
added 2023/11/03 12:0 a.m., 22 views

First handset with MTE on the market

By Mark Brand, Google Project Zero. Introduction: It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said to far too many people at this point to be able to back out… that I'd immediately switch to the first available device...

AI score: 8
Exploits: 0

Vulnrichment
added 2023/10/25 1:27 p.m., 15 views

CVE-2023-43488

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

CVSS: 7.9, AI score: 6.7, EPSS: 0.00193
Exploits: 0, References: 1

Malwarebytes
added 2023/10/15 11:0 p.m., 10 views

A week in security (October 9 - October 15)

Last week on Malwarebytes Labs: Explained: Quishing; Update now! Atlassian Confluence vulnerability is being actively exploited; Giant health insurer struck by ransomware didn't have antivirus protection; Ransomware review: October 2023; Stalkerware activity drops as glaring spying problem is reveale...

AI score: 7.1
Exploits: 0

Citrix
added 2023/08/22 12:0 a.m., 15 views

How to remove Secure Hub from an Android device enrolled using Legacy DA mode

How to remove Secure Hub from an Android device enrolled using Legacy Device Administrator (DA) mode...

AI score: 7
Exploits: 0

Vulnrichment
added 2023/05/18 12:0 a.m., 9 views

CVE-2023-28369

Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview...

AI score: 3.8, EPSS: 0.00213
Exploits: 0, References: 4

Vulnrichment
added 2023/04/19 12:0 a.m., 6 views

CVE-2023-21087

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...

AI score: 5.4, EPSS: 0.0009
Exploits: 0, References: 1

Vulnrichment
added 2023/04/13 12:0 a.m., 8 views

CVE-2023-25954

'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and...

AI score: 6.9, EPSS: 0.00343
Exploits: 0, References: 5

OSV
added 2022/12/16 4:15 p.m., 0 views

CVE-2022-20539

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS: 6.7, AI score: 5.9
Exploits: 0, References: 1

Citrix
added 2022/09/09 12:0 a.m., 5 views

Android Enterprise - How to remove Managed configuration policy from Android device

How to remove Managed configuration policy pushed to Android devices...

AI score: 7.1
Exploits: 0

Malwarebytes
added 2022/08/26 6:0 p.m., 24 views

Adware found on Google Play — PDF Reader serving up full screen ads

A PDF reader found on Google Play with over one million downloads is aggressively displaying full screen ads, even when the app is not in use. More specifically, the reader is known as PDF reader - documents viewer, package name com.document.pdf.viewer. As a result, this aggressive behavior lands...

AI score: 0.1
Exploits: 0

BDU FSTEC
added 2022/03/28 12:0 a.m., 4 views

The vulnerability of IMAP servers for direct-access voice mail systems with the Visual Voice Mail (VVM) visual interface for Android allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of IMAP servers for direct-access voice mail services with the Visual Voice Mail (VVM) visual interface on Android devices is related to insufficient protection of service data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...

CVSS: 3, AI score: 7.5, EPSS: 0.01406
Exploits: 1, References: 6, Affected Software: 1

Kitploit
added 2021/11/25 8:30 p.m., 30 views

Nanobrok - Web Service For Control And Protect Your Android Device Remotely

Web service written in Python to control and protect your Android device remotely. The official app can be found on the PlayStore: NanobrokPro, Nanobrok Community. Overview: Nanobrok-Server is a powerful open-source web service to control and protect your Android device, written in Python, that allow and...

AI score: 7.5
Exploits: 0, References: 8

OSV
added 2021/11/18 6:15 p.m., 2 views

CVE-2021-23155

Improper validation of the cloud certificate chain in Mobile Client allows a man-in-the-middle attacker to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions...

CVSS: 6.8, AI score: 6.7, EPSS: 0.00466
Exploits: 0, References: 1

Prion
added 2021/09/10 7:15 p.m., 16 views

Authentication flaw

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00514
Exploits: 3, References: 2, Affected Software: 1

OSV
added 2021/07/14 2:15 p.m., 0 views

CVE-2021-0600

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

CVSS: 7.8, AI score: 5.9
Exploits: 0, References: 1

CNNVD
added 2021/05/18 12:0 a.m., 3 views

Telegram buffer error vulnerability

Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived function LOTGradient::populate of the rlottie library in Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can...

CVSS: 5.5, AI score: 6, EPSS: 0.01425
Exploits: 1, References: 3