9 matches found
MobSF - Path Traversal
MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...
Linux Distros Unpatched Vulnerability : CVE-2024-21633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource...
CVE-2024-21633
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...
Exploit for Path Traversal in Apktool
MobSF Remote code execution via CVE-2024-21633 I have found...
CVE-2024-21633
creationtimestamp| type| source ---|---|--- 2024-01-03 18:31:58+00:00| seen| https://t.me/ctinow/162527 2024-01-04 01:37:23+00:00| seen| https://t.me/cibsecurity/74338 2024-01-07 21:36:47+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6387 2024-01-08 09:16:42+00:00| seen|...
UBUNTU-CVE-2024-21633
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...
CVE-2024-21633 Arbitrary file write on Decoding
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...
CVE-2024-21633
CVE-2024-21633 affects Apktool
CVE-2024-21633
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...