Design/Logic Flaw
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...
CVE-2014-1887
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...
CVE-2014-1887
The CVE concerns the DrinkedIn BarFinder Android app when used with Adobe PhoneGap 2.9.0 or earlier. The underlying issue allows a remote attacker to execute arbitrary JavaScript by exploiting control over certain adult sites (e.g., freelifetimecheating.com and www.babesroulette.com), which in tu...
Angry Birds and other Mobile Gaming apps leaking your private information to NSA
Are you fond of playing games on your smartphone, like Angry Birds or Subway Surfer? You should now stop wasting your time, because the NSA is utilizing your gaming energy in the best possible way. According to the latest documents leaked by former U.S. Government contractor Edward Snowden, some of t...
Code injection
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls...
CVE-2014-0806
CVE-2014-0806 affects Sleipnir Mobile for Android (and Black Edition) up to version 2.12.1. The issue arises from improper handling of the Geolocation API, causing the user’s location data to be disclosed to websites that request it without user consent. The vulnerability can be exploited remotel...
CVE-2014-0806
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls...
Information disclosure vulnerability in Sleipnir Mobile for Android
Overview: Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...
JVN#81637882: Information disclosure vulnerability in Sleipnir Mobile for Android
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Impact: When a website that a user is viewing requests the user's location information, Sleipnir...
Starbucks Patches Vulnerable iOS App
Starbucks has patched a vulnerability in its iOS app that was found last week spilling user data, including usernames and passwords, by adding what it’s called an “additional safeguard measure” to protect its customers. While it’s a relatively quick turnaround for the company – it only took about...
[Creepy] Geolocation information Gathering through Social Networking Platforms
Creepy is a geolocation OSINT tool. It gathers geolocation-related information from online sources and allows for presentation on a map, search filtering based on exact location and/or date, and export in CSV or KML format for further analysis in Google Maps. What's new in v1.0.x? Creepy now uses Qt 4,...
DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera
In the era of smartphones, Apple’s iPhone is the most popular device that exists, which in itself is a reason to target it. According to leaked documents shared by security researcher Jacob Appelbaum, a secret NSA program code-named DROPOUTJEEP has nearly total access to Apple’s iPhones,...
Geolocation OSINT Tool Creepy
Creepy is a geolocation OSINT tool. It gathers geolocation-related information from online sources and allows for presentation on a map, search filtering based on exact location and/or date, and export in CSV or KML format for further analysis in Google Maps. What’s new in...
Flashlight App Settles with FTC
The makers of a popular Android flashlight application have settled with the Federal Trade Commission over allegations that they covertly tracked the locations of the “Brightest Flashlight Free” users and sold that information to advertising firms. The FTC’s charges stem primarily from the fact...
[Ghiro v0.1] Digital Image Forensic Analyzer
Sometimes forensic investigators need to process digital images as evidence. There are some tools around, but otherwise it is difficult to carry out forensic analysis when a lot of images are involved. Images contain tons of information; Ghiro extracts this information from the provided images and displays them...
[Bluebox-ng] UC/VoIP Security Tool
Bluebox-ng is a next-generation UC/VoIP security tool. It is written in CoffeeScript on Node.js. This project is "our 2 cents" to help improve information security practices in VoIP/UC environments. GitHub repo: https://github.com/jesusprubio/bluebox-ng IRC Freenode:...
Opera 16 Fixes Bugs, Improves HTML5 Performance
Norwegian software company Opera pushed out version 16 of its eponymous Internet browser this week, complete with what it’s calling “tons of bug fixes,” improved performance and a slew of new features and APIs. While the full changelog hasn’t been published yet, Ruarí Ødegaard, a member of Opera’...
CVE-2013-0835
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors...