95 matches found
CVE-2018-2482
SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018...
CVE-2018-1000664
daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...
Input validation
daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...
Rocket.Chat: Blind XSS in the rocket.chat registration email
Note: This report was initially sent via email and I was invited to submit this here. Hi team, During an audit on a third-party, I discovered that rocket.chat Android client might be vulnerable to blind XSS. My XSS payload fired in the context of the target's rocket.chat client as you can see bel...
JCG-AC836M Jetix Router Android client suffers from information leakage vulnerability
Ltd. is a professional manufacturer and operator of network and communication equipment, and is a leader in the field of manufacturing and marketing of client-side equipment for wireless local area networks in China. An information leakage vulnerability exists in the Android client of the...
Denial of Service Vulnerability in Android Client of JCG-AC836 Jetix Router
Ltd. is a professional manufacturer and operator of network and communication equipment, and is a leader in the field of manufacturing and marketing of client-side equipment for wireless local area networks in China. A denial-of-service vulnerability exists in the Android client of the JCG-AC836...
SMS Bombing Vulnerability in Air China's Android Client
Air China Android client is an airplane flight inquiry service software. An SMS bombing vulnerability exists in the Air China Android client - Zhiyin Mall at the order submission. An attacker is allowed to replay this interface for SMS bombing, which constitutes system resource consumption...
CVE-2017-3499
Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware subcomponent: Android Client. The supported version that is affected is prior to 11.1.12.0.0 17019101. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...
Code injection
Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware subcomponent: Android Client. The supported version that is affected is prior to 11.1.12.0.0 17019101. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...
CVE-2017-3499
Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware subcomponent: Android Client. The supported version that is affected is prior to 11.1.12.0.0 17019101. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...
CVE-2017-3499
Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware subcomponent: Android Client. The supported version that is affected is prior to 11.1.12.0.0 17019101. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise...
CVE-2017-3499
CVE-2017-3499 affects Oracle Fusion Middleware’s Oracle Social Network Android Client (prior to 11.1.12.0.0). It is exploitable over HTTPS by an unauthenticated, network-accessing attacker, potentially leading to unauthorized access to confidential Oracle Social Network data. Root cause and speci...
China Telecom WingPay Android client gesture lock has design flaws
Wing Pay is a mobile payment service launched by China Telecom. A design vulnerability exists in the gesture lock of the Wing Pay Android client. By exploiting the vulnerability, an attacker can bypass the gesture lock security mechanism of the Wing Pay Android client and obtain users' private...
Multiple SQL Injection Vulnerabilities in Panmicro's Mobile OA Solution e-mobile
E-Mobile is a mobile office product based on Android client released by Shanghai Panmicro Network Technology Co. There are multiple SQL injection vulnerabilities in Panmicro's mobile OA solution, e-mobile. It allows attackers to utilize commonly used SQL injection tools to obtain sensitive databa...
Share KM 1.0.19 Denial Of Service
Advisory Information : ====================== Title : Share KM 1.0.19 - Remote Denial Of Service Advisory ID : Cr02013-001 Product : Share KM desktop setup file Vendor : SmartUX Vulnerable Versions : 1.0.19 and probably prior release Tested Version : 1.0.19 Tested On : Windows 7 Vulnerability Typ...