66 matches found
CVE-2022-39246
matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-android-sdk2 versions prior to 1.5.1 stems from a problem with its protocol obfuscation leading to an attacker working with a malicious master server being able to constru...
CVE-2020-23349
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 com.sina.weibo.sdk.share.WbShareTransActivity, any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity...
Authentication flaw
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 com.sina.weibo.sdk.share.WbShareTransActivity, any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity...
CVE-2020-23349
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 com.sina.weibo.sdk.share.WbShareTransActivity, any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity...
CVE-2020-23349
CVE-2020-23349 concerns the Sina Weibo Android SDK 4.2.7, where a vulnerability in the internal activity flow of com.sina.weibo.sdk.share.WbShareTransActivity allows any unexported activities to be started by this component via an intent redirection issue. The impact, as described in connected so...
Mariana Trench - Security Focused Static Analysis Tool For Android And Java Applications
Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our websit...
Element Android 加密问题漏洞
Element Android is the Android Matrix client provided by Element. A cryptographic issue vulnerability exists in Element Android prior to version 1.2.2 and matrix-android-sdk2 prior to version 1.2.2, which stems from a logic error in the device's room key sharing functionality that results in...
Remote Code Execution and download tracking in Mintegral SDK
"This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google...
CVE-2020-7744
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...
Design/Logic Flaw
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...
CVE-2020-7744 Information Exposure
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...
CVE-2020-7744
CVE-2020-7744 affects all versions of the com.mintegral.msdk:alphab component in the Android Mintegral SDK. Connected sources describe a malicious module that monitors downloads from Google domains or Google apps and from APKs, then exfiltrates the captured data to Mintegral’s servers, continuing...
Getdroid - FUD Android Payload And Listener
FUD Android Payload And Listener Read the license before using any part from this code Malicious Android apk generator Reverse Shell Legal disclaimer: Usage of GetDroid for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local,...
Shopify: Account takeover intercepting magic link for Arrive app
Summary The "magic link" used for login by Arrive app uses Branch.io to pass the login token via deeplink to the app. But the URL contained in the link app.link domain is not verified so it can be intercepted by a malicious app at takeover the account. Description When trying to login with Arrive...
50m-ctf: `Cody trolled us all` h1-702 CTF write-up
Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...
Apktool - A Tool For Reverse Engineering Android APK Files
A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like...
Jumio SDK for Android Arbitrary Code Execution Vulnerability
Jumio SDK for Android is a software development kit for building authentication applications using biometrics based on the Android platform. A security vulnerability exists in versions of Jumio SDK for Android prior to 1.5.0. The vulnerability can be exploited to execute arbitrary code via the...
AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps
A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...
Information Disclosure
facebook-android-sdk is susceptible to information disclosure. The library fails to validate the whether the package name matches the name of the current app, allowing a malicious application to collect facebook credentials...