Lucene search
K

99 matches found

Vulnrichment
Vulnrichment
added 2024/04/04 4:10 p.m.8 views

CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS6.5AI score0.0051EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/04/04 2:39 p.m.30 views

Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possib...

6.3CVSS7AI score0.0051EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/22 11:54 p.m.11 views

GHSA-WFGJ-WRGH-H3R3 SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

7.3CVSS7.2AI score0.00712EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2024/03/22 11:54 p.m.80 views

SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

7.5CVSS7.2AI score0.00712EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2024/03/22 11:15 p.m.38 views

CVE-2024-29190

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.4AI score0.00712EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/22 10:12 p.m.54 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.6AI score0.00712EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/22 10:12 p.m.25 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS6.7AI score0.00712EPSS
Exploits1References3
CVE
CVE
added 2024/03/22 10:12 p.m.97 views

CVE-2024-29190

MobSF (Mobile Security Framework) vulnerability CVE-2024-29190 causes SSRF via hostname extraction in android:host when input validation is not performed in versions up to 3.9.5 Beta. The issue arises from host resolution in valid_host(), where socket.gethostbyname() can be abused with DNS rebind...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2024/01/07 9:34 p.m.108 views

Exploit for Path Traversal in Apktool

MobSF Remote code execution via CVE-2024-21633 I have found...

7.8CVSS8.1AI score0.0132EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/09/21 12:0 a.m.18 views

CVE-2023-42261

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

7.1AI score0.00691EPSS
Exploits1References4
CVE
CVE
added 2023/09/21 12:0 a.m.66 views

CVE-2023-42261

CVE-2023-42261 affects Mobile Security Framework (MobSF)

7.5CVSS7.7AI score0.00691EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/09/21 12:0 a.m.39 views

CVE-2023-42261

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

7.9AI score0.00691EPSS
Exploits1References4
OSV
OSV
added 2022/10/18 7:0 p.m.45 views

GHSA-F42P-VC8P-7X54 MobSF allows attackers to read arbitrary files via a crafted HTTP request

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

7.5CVSS7.3AI score0.012EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/10/18 7:0 p.m.28 views

MobSF allows attackers to read arbitrary files via a crafted HTTP request

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

7.5CVSS7.1AI score0.012EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/10/18 3:15 p.m.28 views

CVE-2022-41547

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

7.5CVSS0.012EPSS
Exploits1References2
Prion
Prion
added 2022/10/18 3:15 p.m.14 views

Cross site request forgery (csrf)

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

5CVSS7.3AI score0.012EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/10/18 12:0 a.m.58 views

CVE-2022-41547

MobSF (Mobile Security Framework) is affected up to version 0.9.2, with a local file inclusion (LFI) vulnerability in StaticAnalyzer/views.py that allows reading arbitrary files via a crafted HTTP request. The CVE notes a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, no authentic...

7.5CVSS7.3AI score0.012EPSS
Exploits1References2Affected Software1
Kitploit
Kitploit
added 2018/09/11 9:34 p.m.1894 views

MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...

7.3AI score
Exploits0References8
Kitploit
Kitploit
added 2015/10/24 11:7 p.m.205 views

MobSF (Mobile Security Framework) - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework MobSF is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test...

7.5AI score
Exploits0References3
Rows per page
Query Builder