Backdooring Android APK: backdoor-apk

Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...

Zendesk: Android SDK - CREATE_REQUEST broascast is unprotected

The researcher identified that CREATEREQUEST broadcast in Zopim's android SDK was unprotected...

Backdoor Android APK: backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

Error: "Cannot find Android SDK. Please refer to the MDX Toolkit doc for download instructions"

Citrix MDX Toolkit is unable to find the Android SDK. The following error is displayed: "Cannot find Android SDK. Please refer to the MDX Toolkit doc for download instructions"...

Dropbox SDK for Android Security Bypass Vulnerability

Dropbox is an innovative online file storage, synchronization, and sharing service that offers free client software, is open source and cross-platform, and runs on Windows, Mac OS X, and Linux operating systems. A security bypass vulnerability exists in Dropbox SDK for Android. An attacker can...

Dropbox Patches Remotely Exploitable Vulnerability in SDK

Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the storage app that enabled attackers to connect applications to a Dropbox account without the user’s consent. This could have opened users up to the theft of information from any app that use...

Android Web Browser - GIF File Heap-Based Buffer Overflow Vulnerability

source: http://www.securityfocus.com/bid/28005/info Android Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successfully exploiting this vulnerability can...

Android Web Browser - BMP File Integer Overflow Vulnerability

source: http://www.securityfocus.com/bid/28006/info Android Web Browser is prone to an integer-overflow vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts wil...

Android SDK平台工具符号错误栈缓冲区溢出漏洞

Bugtraq ID:65403 CVE ID:CVE-2014-1909 Android SDK提供API库和开发工具,建立,测试,调试应用程序和Android。 Android Debug Bridge不正确使用整数值，允许攻击者利用漏洞触发一个基于栈的缓冲区溢出，可使应用程序崩溃或可执行任意代码。 0 Android SDK Tools 目前没有详细解决方案提供： http://developer.android.com/tools/sdk/tools-notes.html?...

[OWASP GoatDroid] Project that will help educate security to application developers Android

OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications:...

[Santoku 0.4] Distribution dedicated to mobile forensics, malware analysis and security testing

Santoku includes a number of open source tools dedicated to helping you in every aspect of your mobile forensics, malware analysis, and security testing needs, including: Development Tools: Android SDK Manager AXMLPrinter2 Fastboot Heimdall src | howto Heimdall GUI src | howto SBF Flash Penetrati...

CVE-2011-1001

dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service dexdump crash and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number ...

Integer overflow

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...

CVE-2008-0986

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...

CVE-2008-0986

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...

EUVD-2008-0993

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field...

CVE-2008-0986

CVE-2008-0986 describes an integer overflow in the Android libsgl.so BMP reader (BMP::readFromStream) used in Google Android SDK m3-rc37a and earlier, and m5-rc14. When the BMP header’s offset field is negative and the DIB header specifies 8 bpp, the parser allocates a palette using the negative ...

CVE-2008-0985

CVE-2008-0985 describes a heap-based overflow in the GIF handling in Android’s WebKit/WebCore stack (GIFImageDecoder) used by the Android SDK m3-rc37a and earlier. The root cause is miscalculation of image size based on the GIF header’s Logical Screen Width/Height, leading to buffer overflows whe...

EUVD-2008-0992

Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width...

CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs Multiple vulnerabilities in Google's Android SDK Advisory Information Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124 Advisory URL:...