CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0...
CVE-2017-6104
CVE-2017-6104 concerns the WordPress plugin Mobile App Native 3.0, where the file upload endpoint at zen-mobile-app-native/server/images.php accepts uploads without authentication and without validating the file content. The vulnerability allows an attacker to upload arbitrary files (e.g., PHP sh...
WordPress Mobile App Native 3.0 Shell Upload Vulnerability
WordPress Mobile App Native plugin version 3.0 suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Vulnerability Date: 2017-02-27 Download: https://wordpress.org/plugins/zen-mobile-app-native/ Vendor:...
Instant Followers Pro+ - Native code usage, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Instant Followers Pro+ published at the 'play' market has multiple vulnerabilities...
Mobile App Native <= 3.0 - Remote File Upload
The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content. It also doesn't sanitize the file upload against executable code. $ curl -F "file=@/var/www/shell.php"...
Chrome: bypass for download filetype blacklist, extension->native privesc
This bug report describes a vulnerability that can be used by an extension with some permissions to escalate to native code execution on Linux desktops if Java is installed. No user interaction is required. Chrome permits extensions with appropriate permissions "downloads" and "downloads.open" t...
Pokémon Duel - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Pokémon Duel published at the 'play' market has multiple vulnerabilities...
Messaging Lite G - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Messaging Lite G published at the 'play' market has multiple vulnerabilities...
SMS and MMS Diary - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application SMS and MMS Diary published at the 'play' market has multiple vulnerabilities...
MMS - Corrupted files, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application MMS published at the 'play' market has multiple vulnerabilities...
Sword Of Xolan - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Sword Of Xolan published at the 'play' market has multiple vulnerabilities...
Dragon Blaze - Certificates or keys found, MIT license, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Dragon Blaze published at the 'play' market has multiple vulnerabilities...
Download Manager IDM - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Download Manager IDM published at the 'play' market has multiple vulnerabilities...
EBookDroid - PDF & DJVU Reader - Dangerous filesystem permissions, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application EBookDroid - PDF & DJVU Reader published at the 'play' market has multiple vulnerabilities...
Google Nexus Realtek Sound Driver Elevation of Privilege Vulnerability
Google Nexus 9 is a tablet computer from Google, U.S.A. Nexus Realtek Sound Driver is one of the sound card driver components. An elevation of privilege vulnerability exists in Realtek sound driver, which can be exploited by an attacker to cause a native application to execute arbitrary code in t...
Shopify POS — Point of Sale - Dangerous filesystem permissions, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Shopify POS — Point of Sale published at the 'play' market has multiple vulnerabilities...
Cross-site Scripting (XSS) Via SendToBridge
react-native-webview-bridge is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of user input sanitization when a user can send a string through sendToBridge. The unsanitized string is then interpreted as JavaScript code, causing the webview to be affected ...
UZCARD - Customized SSL, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application UZCARD published at the 'play' market has multiple vulnerabilities...
Mobile Cash - Dangerous filesystem permissions, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Mobile Cash published at the 'play' market has multiple vulnerabilities...
Ford Prosys - External URLs, KeyStore usage, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Ford Prosys published at the 'play' market has multiple vulnerabilities...