EUVD-2014-7096

Malware in sbrugna...

EUVD-2014-1993

Malware in sbrugna...

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

CVE-2014-4968

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636...

CVE-2014-7224

A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code...

Remote code execution

A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code...

CVE-2014-7224

A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code...

Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net

0×01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysison Reading this article is the basis for understanding previous attacks construct the link. 0×02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...

SKILLS.com.au Industry App - Man In The Middle Remote Code Execution

SKILLS.com.au Industry App - Man In The Middle Remote Code Execution Exploit Title: SKILLS.com.au Industry App - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a3.skills.com http://archive.is/NRlNP Software Link:...

Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit

Exploit for Android platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :ar...

Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability

No description provided by source. !-- .:: Remote code execution vulnerability in Boat Browser ::. credit: c0otlass social contact: https://twitter.com/c0otlass mail: [email protected] CVE reserved : 2014-4968 time of discovery: July 14, 2014 Browser Official site:http://www.boatmob.com/ Browser...

Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability

Exploit for Android platform in category remote exploits CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try...

Adobe Reader for Android addJavascriptInterface Exploit

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/fileformat' require 'msf/core/exploit/pdf' require 'msf/core/exploit/android' class...

Adobe Reader for Android < 11.2.0 - 'addJavascriptInterface' Local Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/fileformat' require 'msf/core/exploit/pdf' require 'msf/core/exploit/android' class Metasploit3 'Adobe Reader for Android...

Adobe Reader for Android addJavascriptInterface Exploit

Adobe Reader versions less than 11.2.0 exposes insecure native interfaces to untrusted javascript in a PDF. This Metasploit module embeds the browser exploit from android/webviewaddjavascriptinterface into a PDF to get a command shell on vulnerable versions of Reader. This module requires...

Google Android addJavascriptInterface Remote Code Execution

A remote code execution vulnerability has been reported in Google Android prior to 4.2. The vulnerability is due to an error in the addJavascriptInterface method within the WebView class, commonly used in numerous mobile applications. A remote attacker can exploit this vulnerability by persuading...

Server side request forgery (ssrf)

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service reboot via a crafted web page, as demonstrated ...

UBUNTU-CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

CVE-2014-1939

CVE-2014-1939 affects Android’s BrowserFrame.java (Android before 4.4). The vulnerability arises from using addJavascriptInterface with an instance of SearchBoxImpl, allowing attackers to perform arbitrary Java code execution via the searchBoxJavaBridge_ interface at certain API levels. Exploitat...

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...