
10952 matches found

GithubExploit
added 2024/09/06 6:15 a.m. · 81 views

Exploit for Code Injection in Deskfiler

DeskFiler RCE A Proof-Of-Concept for CVE-2024-25291 vulnerabi...

9.8 CVSS · 9.9 AI score · 0.01598 EPSS
Exploits: 2
GithubExploit
added 2024/09/06 6:13 a.m. · 74 views

Exploit for Open Redirect in Nteract

Nteract PoC A Proof-Of-Concept for CVE-2024-22891 vulnerabilit...

9.8 CVSS · 10 AI score · 0.01686 EPSS
Exploits: 2
Packet Storm
added 2024/08/31 12:0 a.m. · 159 views

Android Open Source Platform (AOSP) Browser UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. · 183 views

Android Browser Open in New Tab Cookie Theft

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser "Open in New Tab" Cookie Theft', 'Description' = %q In Android's stock AOSP Browser application and WebView component, the "open ...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. · 138 views

GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'GE Proficy Cimplicity WebView substitute.bcl Directory Traversal', 'Description' = %q This module abuses a directory traversal in G...

4.3 CVSS · 7 AI score · 0.17394 EPSS
Exploits: 3
OSV
added 2024/08/29 3:15 a.m. · 2 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1 CVSS · 5.7 AI score · 0.003 EPSS
Exploits: 0 · References: 3
NVD
added 2024/08/29 3:15 a.m. · 14 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1 CVSS · 0.003 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/08/29 2:47 a.m. · 23 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

0.003 EPSS
Exploits: 0 · References: 3
NVD
added 2024/08/24 11:15 p.m. · 24 views

CVE-2024-45240

The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...

7.4 CVSS · 0.00157 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/08/24 12:0 a.m. · 25 views

CVE-2024-45240

The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...

0.00157 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/24 12:0 a.m. · 3 views

PT-2024-31498 · Bytedance · Tiktok

Name of the Vulnerable Software and Affected Versions: TikTok versions prior to 34.5.5 Description: The issue allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party...

7.4 CVSS · 7.1 AI score · 0.00157 EPSS
Exploits: 0 · References: 6
Vulnrichment
added 2024/08/24 12:0 a.m. · 9 views

CVE-2024-45240

The TikTok aka com.zhiliaoapp.musically application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications...

6.9 AI score · 0.00157 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/21 12:0 a.m. · 4 views

PT-2024-12097 · Xiaomi · Xiaomigetapps

Name of the Vulnerable Software and Affected Versions: XiaomiGetApps affected versions not specified Description: A code execution vulnerability exists in the XiaomiGetApps application product, caused by the verification logic being bypassed. An attacker can exploit this vulnerability to execute...

9.8 CVSS · 7.5 AI score · 0.00601 EPSS
Exploits: 0 · References: 11
Talos
added 2024/08/19 12:0 a.m. · 29 views

Microsoft Teams (work or school) for macOS WebView.app helper app library injection vulnerability

Talos Vulnerability Report TALOS-2024-1990 Microsoft Teams work or school for macOS WebView.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41145 SUMMARY A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams work or school...

9.8 CVSS · 7.5 AI score · 0.00778 EPSS
Exploits: 1
NVD
added 2024/06/27 10:15 a.m. · 20 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS · 0.00528 EPSS
Exploits: 0 · References: 2
CVE
added 2024/06/27 9:36 a.m. · 62 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

9.8 CVSS · 5.8 AI score · 0.00528 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/06/27 9:36 a.m. · 24 views

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS · 0.00528 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/27 12:0 a.m. · 3 views

PT-2024-15930

Name of the Vulnerable Software and Affected Versions Elektraweb versions prior to 17.0.68 Description The issue is related to improper access control, missing authorization, and incorrect permission assignment for critical resources. It allows for exploiting incorrectly configured access control...

9.8 CVSS · 6.6 AI score · 0.00528 EPSS
Exploits: 0 · References: 4
Hacker One
added 2024/06/17 10:11 p.m. · 40 views

U.S. Dept Of Defense: █████████ (Android): Vulnerable to Javascript Injection and Open redirect

A vulnerability was discovered in the WebView components of two apps, ████ and ██████████, which allowed an attacker to execute JavaScript and open any URL through a link or a malicious app. The root cause of this issue was that certain activities were exported and set as browsable, exposing them...

7.2 AI score
Exploits: 0
Fedora
added 2024/06/05 1:41 a.m. · 13 views

[SECURITY] Fedora 40 Update: qt5-qtwebview-5.15.14-1.fc40

Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...

9.8 CVSS · 6.6 AI score · 0.0097 EPSS
Exploits: 0