Design/Logic Flaw

The Ming Blacklist Free vc.software.blacklist application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack."...

Design/Logic Flaw

The Tencent MobileQQ com.tencent.mobileqq application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application...

Information disclosure

The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...

Code injection

The Ubermedia Twidroyd Legacy com.twidroydlegacy application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application...

Design/Logic Flaw

The QIWI Wallet ru.mw application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application...

Default credentials

The Kaixin001 com.kaixin001.activity application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application...

Design/Logic Flaw

The Xiaomi MiTalk Messenger com.xiaomi.channel application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application...

Code injection

The CallConfirm jp.gr.javaconf.ofnhwx.callconfirm application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application...

Design/Logic Flaw

The Voxofon com.voxofon application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application...

Code injection

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

CVE-2011-4772

CVE-2011-4772 affects the Android app 360 KouXin (com.qihoo360.kouxin) version 1.5.3. The issue is improper data protection that allows remote attackers to read or modify SMS messages and a contact list via a crafted application. Root cause: insufficient protection of sensitive data. Impact: conf...

CVE-2011-4867

The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...

CVE-2011-4864

The Tencent MobileQQ com.tencent.mobileqq application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application...

CVE-2011-4702

CVE-2011-4702 affects the Nimbuzz (com.nimbuzz) Android app versions 2.0.8 and 2.0.10. The description states insufficient data protection allows remote attackers to read or modify a user’s contact list via a crafted application. The available sources repeat the same impact without detailing the ...

CVE-2011-4867

The CVE-2011-4867 entry applies to the Android Tencent QQPhoto (com.tencent.qqphoto) app, version 0.97. The vulnerability is described as an improper data protection flaw that allows remote attackers to read or modify contact information and a password hash through a crafted application. The prov...

CVE-2011-4866

The CVE-2011-4866 entry concerns the Kaixin001 Android app (com.kaixin001.activity) versions 1.3.1 and 1.3.3. The root cause is improper data protection, allowing remote attackers to read or modify contacts and a cleartext password via a crafted application. Impact is data exposure and integrity ...

CVE-2011-4704

The CVE-2011-4704 entry concerns the Voxofon Android app (package com.voxofon) prior to version 2.5.2. According to the provided documents, the vulnerability arises because the application does not properly protect data, enabling remote attackers to read or modify SMS information via a crafted ap...

CVE-2011-4863

The CVE concerns Tencent QQPimSecure (com.tencent.qqpimsecure) on Android, version 3.0.2. The flaw is a data protection weakness that allows remote attackers to read or modify SMS/MMS messages and the contact list via a crafted application. The vulnerability is described without exploit specifics...

CVE-2011-4704

The Voxofon com.voxofon application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application...

CVE-2011-4700

UberSocial (com.twidroid) for Android, versions 7.x before 7.2.4, has improper data protection that can let a crafted app remotely read or modify Twitter information from the device. Root cause details are not specified in the provided documents. Impact is sensitive Twitter data exposure/influenc...