113 matches found
Design/Logic Flaw
In ColorOS oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP, RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...
Exploit for Use After Free in Google Android
CVE-2019-2215 The following issue exists in the android-msm-wa...
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO...
Android - Binder Driver Use-After-Free Exploit
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
Input validation
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
CVE-2018-14996
CVE-2018-14996 affects the Oppo F5 on OPPO/CPH1723 running Android 7.1.1, where a pre-installed platform app with package name com.dropboxchmod exposes an exported service DropboxChmodService . This service allows a co-located app with zero permissions to supply arbitrary commands to be executed ...
community.oppo.com XSS vulnerability
Vulnerable URL: http://community.oppo.com/id/forum.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 11.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure...
account.community.oppo.com XSS vulnerability
Vulnerable URL: http://account.community.oppo.com/User/activeEmail/code/407873f1ba859254ab4de12a48c2481e59077fcc6782b/back/Ij48c2NyaXB0PmFsZXJ0KCJPUEVOQlVHQk9VTlRZIik8L3NjcmlwdD4= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS...
Beware! Pre-Installed Android Malware Found On 36 High-end Smartphones
Bought a brand new Android Smartphone? Do not expect it to be a clean slate. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found...
oppo.com XSS vulnerability
Vulnerable URL: http://www.oppo.com/my/supports/imei-check/checkimei.php?ino=%22%3E%3Csvg/onload=prompt/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| Yes, at 31.08.2016 Latest check for patch:| 31.08.2016 22:49 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
OPPO sub-nginx parses can be scored permissions-bug warning-the black bar safety net
Brief description: OPPO sub-Station, nginx parses are scored permissions. The vulnerability risk is very large,it is easy to behackersthe use of Gift OK I can only say that this is really the idea. Detailed description: Upload address:...