600 matches found

CNNVD
added 2024/05/02 12:0 a.m. · 2 views

Firebase CLI Security Vulnerability

Firebase CLI is a command line tool from Firebase Inc. in the United States. A security vulnerability exists in Firebase CLI, which originated from a vulnerability that allows a user who is running the emulator to exploit the vulnerability to navigate to a malicious website on a browser that allo...

CVSS 4.3 · AI score 4.5 · EPSS 0.00067
Exploits: 0 · References: 3

BDU FSTEC
added 2024/04/19 12:0 a.m. · 1 view

The vulnerability of the Firebase Database Check framework in the Mobile Security Framework (MobSF) allows an attacker to perform an SSRF attack.

The vulnerability of the Firebase Database Check framework used in the Mobile Security Framework (MobSF) for security research in mobile applications is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 7.5 · AI score 6.6 · EPSS 0.00138
Exploits: 0 · References: 5 · Affected Software: 1

GitLab Advisory Database
added 2024/04/18 12:0 a.m. · 16 views

@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability

An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...

AI score 8.1 · EPSS 0.03842
Exploits: 0 · References: 6 · Affected Software: 1

CVE
added 2024/04/18 12:0 a.m. · 72 views

CVE-2024-30564

The CVE-2024-30564 issue affects andrei-tatar/nora-firebase-common in versions 1.0.41 through 1.12.2, where a crafted script submitted to the updateState parameter of updateStateInternal can enable remote code execution. Multiple sources corroborate the vulnerability’s presence across Red Hat, Ve...

CVSS 9.8 · AI score 7.6 · EPSS 0.03842
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/18 12:0 a.m. · 2 views

PT-2024-23492 · Unknown · Andrei-Tatar Nora-Firebase-Common

Name of the Vulnerable Software and Affected Versions: andrei-tatar nora-firebase-common versions 1.0.41 through 1.12.2
Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. This enables the...

CVSS 9.8 · AI score 8.3 · EPSS 0.03842
Exploits: 0 · References: 11

Vulnrichment
added 2024/04/18 12:0 a.m. · 12 views

CVE-2024-30564

An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...

AI score 8.1 · EPSS 0.03842
Exploits: 0 · References: 2

The Hacker News
added 2024/04/09 1:45 p.m. · 20 views

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the...

AI score 7.2
Exploits: 0

Talos Blog
added 2024/04/09 12:2 p.m. · 29 views

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious Androi...

AI score 8.1
Exploits: 0

Veracode
added 2024/04/05 10:14 a.m. · 19 views

Server Side Request Forgery

mobsf is vulnerable to Server Side Request Forgery. The vulnerability is due to a flaw in the firebase database check logic, allowing attackers to manipulate the server to make connections to internal-only services within the organization's infrastructure when a malicious app is uploaded to the...

CVSS 6.3 · AI score 6.9 · EPSS 0.00138
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/04/04 4:15 p.m. · 9 views

CVE-2024-31215

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

CVSS 6.3 · AI score 6 · EPSS 0.00138
Exploits: 0 · References: 3

Vulnrichment
added 2024/04/04 4:10 p.m. · 8 views

CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

CVSS 6.3 · AI score 6.5 · EPSS 0.00138
Exploits: 0 · References: 3

Cvelist
added 2024/04/04 4:10 p.m. · 16 views

CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

CVSS 6.3 · AI score 6.2 · EPSS 0.00138
Exploits: 0 · References: 3

CVE
added 2024/04/04 4:10 p.m. · 71 views

CVE-2024-31215

MobSF (Mobile Security Framework) is affected by a Server-Side Request Forgery (SSRF) in the firebase database check logic. The vulnerability allows an attacker to cause the MobSF server to connect to internal-only services within the organization’s infrastructure when a malicious app is uploaded...

CVSS 6.3 · AI score 6 · EPSS 0.00138
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/04/04 4:10 p.m. · 24 views

CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

CVSS 6.3 · AI score 6.2 · EPSS 0.00138
Exploits: 0 · References: 5

Github Security Blog
added 2024/04/04 2:39 p.m. · 29 views

Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possib...

CVSS 6.3 · AI score 7 · EPSS 0.00138
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2024/04/04 2:39 p.m. · 17 views

GHSA-WPFF-WM84-X5CX Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possib...

CVSS 6.3 · AI score 6.1 · EPSS 0.00138
Exploits: 0 · References: 5

CNNVD
added 2024/04/04 12:0 a.m. · 3 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

CVSS 6.3 · AI score 6.4 · EPSS 0.00138
Exploits: 0 · References: 4

Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-2891 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 3.9.8
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the firebase database check logic of the Mobile Security Framework (MobSF). This allows an attacker to cause the...

CVSS 7.5 · AI score 6.2 · EPSS 0.00138
Exploits: 0 · References: 11

Positive Technologies
added 2024/04/02 12:0 a.m. · 5 views

PT-2024-23: Server-Side Request Forgery (SSRF) in Mobile Security Framework (MobSF)

The vulnerability was identified in Mobile Security Framework (MobSF), versions =3.9.7. The discovered SSRF vulnerability in Firebase Database Check can be exploited by an attacker to make the server connect to internal-only services. It is possible to make internal requests in case a malicious app is...

CVSS 6.3 · AI score 6.3 · EPSS 0.00138
Exploits: 0 · References: 1

Malwarebytes
added 2024/03/21 10:40 a.m. · 20 views

19 million plaintext passwords exposed by incorrectly configured Firebase instances

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII). Firebase is a platform for hosting databases, cloud computing, and app development. It's owned by Google and was set up to help developers build and ship apps. What the...

AI score 6.8
Exploits: 0