4054 matches found
CVE-2020-4100
HCL Verse for Android is affected by a vulnerability linked to its use of dynamic code loading. The root cause is the ability to load components at runtime, which can lead to loading unintended code if not implemented properly. Some connected reports explicitly describe a HCL Verse Android code-e...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
Code injection
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
CVE-2019-15417
The CVE-2019-15417 entry concerns a Tecno Spark Pro Android device (build TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys) with a pre-installed app, com.lovelyfont.defcontainer (versionCode 7, versionName 7.0.5), that allows unauthorized dynamic code loading via a conf...
DECAF - Short for Dynamic Executable Code Analysis Framework
DECAF++, the new version of DECAF, taint analysis is around 2X faster making it the fastest, to the best of our knowledge, whole-system dynamic taint analysis framework. This results in a much better usability imposing only 4% overhead SPEC CPU2006 when no suspicious tainted input exists. Even...
Flare-Emu - Powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers
flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported...
Joker Spyware Found in 24 Google Play Apps
A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
Code injection
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to remote code execution. The application does not restrict the usage of PHP commands and allows for remote attackers to add dynamic PHP code which could lead to execution of arbitrary OS commands...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link:...
zzzphp CMS 1.6.1 Cross Site Request Forgery
Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...
zzzphp CMS 1.6.1 - Remote Code Execution
zzzphp CMS 1.6.1 - Remote Code Execution Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version:...
zzzphp CMS 1.6.1 - Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...