Directory Traversal

Overview com.google.android.play:core is a Google Play Core Library. Affected versions of this package are vulnerable to Directory Traversal. This flaw is in the SplitCompat.install endpoint. A malicious attacker can create an apk which targets a specific application, and if a victim were to...

CVE-2020-7384

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine...

CVE-2020-7744

This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...

CVE-2018-21042

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 December 2018...

AndroVideo Advan VD-1 Access Control Error Vulnerability

The AndroVideo Advan VD-1 is a security camera from AndroVideo Taiwan, China. An access control error vulnerability exists in AndroVideo Advan VD-1. The vulnerability can be exploited to install arbitrary APKs without authentication by sending a POST request to the cgibin/ApkUpload.cgi file...

CVE-2017-0839

An information disclosure vulnerability in the Android media framework libeffects. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003...

CVE-2017-0845

A denial of service vulnerability in the Android framework syncstorageengine. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827...

Lack of signature authentication vulnerability in some Huawei apps

Some Huawei APPs are vulnerable to lack of signature verification. Since some Huawei APPs do not support APK file signature verification. Attackers can use this vulnerability to hijack and replace APK files. Successful exploitation can lead to APP hijacking...

The vulnerability of the Android operating system allows a hacker to bypass existing policies regarding user permissions and interaction requirements.

The vulnerability of the Package Manager component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing user permission policies and interaction requirements...

Android Package Inspector: Inspeckage

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...

CVE-2016-6774

An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product:...