CVE-2024-12993

The CVE-2024-12993 entry describes a vulnerability in Infinix devices stemming from a pre-loaded app com.rlk.weathers that exposes an unsecured content provider. An attacker can communicate with this provider to reveal the user’s location without any privileges (local attack; no user interaction ...

CVE-2024-12993 Location information exposure in Infinix Weather app

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...

CVE-2024-12993 Location information exposure in Infinix Weather app

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...

Transsion Holdings Infinix Mobile devices 安全漏洞

Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...

Weather app security breach

Weather app is a weather forecasting app. A security vulnerability exists in Weather app version 1.0.0. An attacker exploited the vulnerability to cause backup files to be exposed to unauthorized control...

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...

BestWeather 安全漏洞

BestWeather is a weather advisor application from BestWeather open source. A security vulnerability exists in BestWeather version v.7.3.1 that stems from allowing unauthorized applications to cause a denial of service through the database...

CVE-2022-28780

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information...

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...

Samsung Weather application 安全漏洞

Samsung Weather application is an application for Samsung mobile devices that is used to obtain weather forecast information.A hijacking vulnerability exists in Samsung Weather application, which stems from an unauthorized access A local attacker could use this vulnerability to perform unauthoriz...

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...

RTL Nederland Makes Weather Forecasting Fast, Reliable and Sustainable with Help From Akamai

Media giant RTL Nederland offers a weather app that gives users the ability to get a comprehensive overview of the weather in their location at the click of a button. Akamai is delighted that this exciting media brand has chosen us to deliver a rich and engaging web experience for its viewers whi...

Directory Traversal in scott-blanch-weather-app

Affected versions of scott-blanch-weather-app resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

GHSA-JP46-FW6C-3PM9 Directory Traversal in scott-blanch-weather-app

Affected versions of scott-blanch-weather-app resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

Top Play Store Weather app steals user data & sends to Chinese server

By Sudais The weather app called Weather Forecast: World Weather Accurate Radar on two of Alcatel's Android smartphone models, namely the Pixi 4 and A3 Max. This is a post from HackRead.com Read the original post: Top Play Store Weather app steals user data & sends to Chinese server...

scott-blanch-weather-app path traversal vulnerability

scott-blanch-weather-app is a Node.js weather app built with Express. A path traversal vulnerability exists in scott-blanch-weather-app. An attacker can exploit this vulnerability by placing a '... /' sequence in the URL to gain access to the file system...

Directory Traversal

scott-blanch-weather-app is vulnerable to directory traversal attacks. The attacks are possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

CVE-2017-16184

scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVE-2017-9245

The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL...