1654 matches found
Google Report Lauds Android Security Enhancements
Google has put some hard numbers behind the effectiveness of the security enhancements it has dropped into Android in the past year, and results show that things such as SE Linux SE Android, Verify Apps and Safety Net have cut down on successful attacks against the Android operating system,...
Android DoS
WiFi direct function DoS...
CVE-2014-8610
The CVE describes a vulnerability in Android prior to 5.0.0 where AndroidManifest.xml does not require SEND_SMS for the SmsReceiver, allowing an unprivileged app to cause stored SMS messages to be resent or new draft SMS messages to be sent by broadcasting the com.android.mms.transaction.MESSAGE_...
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Prey Anti-Theft for Android missing SSL certificate validation 1. Advisory Information Title: Prey Anti-Theft for Android missing SSL certificate validation Advisory ID:...
Android WAPPushManager SQL Injection Vulnerability
Android WAPPushManager SQL Injection Vulnerability. INTRODUCTION ================================== In Android 5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim's phone...
Android Privilege Escalation
In Android This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be...
CVE-2014-7650
The JJA- Juvenile Justice Act 1986 aka com.felix.jja application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Grandparenting is Great aka com.appgig.layout application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7044
The Street Walker aka kt.road.StreetWalker application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Server side request forgery (ssrf)
The Quest Federal CU Mobile aka com.metova.cuae.questfcu application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6939
The Sketch W Friends FREE -Tablets aka air.com.xlabz.SketchWFriendsFree application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
zergRush (CVE-2 0 1 1-3 8 7 4) mention the right vulnerability analysis-vulnerability warning-the black bar safety net
Recent finally turn Android, 2 0 1 1 years of the famous zergrush is the contact of the first ROOT vulnerability. Although it has been, only affects Android 2.2 - 2.3.6, but there is still necessary records about the analysis proceeds. On the market various ROOT tools basic are included zergrush,...
Information disclosure
The First Assembly NLR aka com.subsplash.thechurchapp.firstassemblynlr application 2.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6776
The United Advantage NW Federal Cr aka com.myappengine.uanwfcu application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6770
The Aerospace Jobs aka com.appaerospacejobs.layout application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6639
The TIO MobilePay - Bill Payments aka com.tionetworks.mobile.android.tioclient application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Code injection
The Secret Circle - talk freely aka com.easyxapp.secret application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Farm Frenzy Gold aka com.herocraft.game.farmfrenzy.gold application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
Exploit for Android platform in category remote exploits CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try...
Boat Browser 8.08.0.1 - Remote Code Execution
Boat Browser 8.08.0.1 - Remote Code Execution CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try...