Lucene search

1017 matches found

hackapp
added 2017/07/25 6:11 a.m., 8 views

Упражнения для глаз PRO *FREE - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that the application Упражнения для глаз PRO FREE, published on the 'play' market, has multiple vulnerabilities...

1.1 AI score
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2017/07/24 9:19 p.m., 4 views

Cross-Site Scripting (XSS)

marked is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize strings encoded in base64, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1 AI score
Exploits: 0
hackapp
added 2017/07/18 11:59 a.m., 11 views

РБК Главное - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that the application РБК Главное, published on the 'play' market, has multiple vulnerabilities...

Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2017/07/10 12:0 a.m., 28 views

Pelco VideoXpert 1.12.105 - Information Disclosure

Pelco VideoXpert 1.12.105 - Information Disclosure Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution...

7.2 AI score
Exploits: 0
Prion
added 2017/06/30 3:29 a.m., 15 views

Design/Logic Flaw

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...

5 CVSS, 9.3 AI score, 0.00318 EPSS
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2017/06/30 2:35 a.m., 81 views

CVE-2017-6028

Schneider Electric Modicon PLCs Modicon M241 (all firmware) and M251 (all firmware) are affected by CVE-2017-6028, where login credentials are transmitted over the network using Base64, enabling sniffing and potential unauthorized web access. No exploits are publicly known in the provided docs. R...

9.8 CVSS, 9.3 AI score, 0.00318 EPSS
Exploits: 0, References: 2, Affected Software: 1
hackapp
added 2017/06/29 4:48 a.m., 11 views

Futurama: Worlds of Tomorrow - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that the application Futurama: Worlds of Tomorrow, published on the 'play' market, has multiple vulnerabilities...

1.1 AI score
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2017/06/21 12:0 a.m., 85 views

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution

PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

7.5 CVSS, 0.94418 EPSS
Exploits: 71
hackapp
added 2017/06/01 2:24 p.m., 7 views

Get Followers and Likes - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that the application Get Followers and Likes, published on the 'play' market, has multiple vulnerabilities...

0.9 AI score
Exploits: 0, References: 1, Affected Software: 1
hackapp
added 2017/05/28 2:47 p.m., 20 views

StorySave - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that the application StorySave, published on the 'play' market, has multiple vulnerabilities...

7.2 AI score
Exploits: 0, References: 1, Affected Software: 1
hackapp
added 2017/05/20 2:52 a.m., 18 views

Epic Bird - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that the application Epic Bird, published on the 'play' market, has multiple vulnerabilities...

7.2 AI score
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/05/03 12:0 p.m., 20 views

RUSTSEC-2017-0004 Integer overflow leads to heap-based buffer overflow in encode_config_buf

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...

9.8 CVSS, 9.8 AI score, 0.00476 EPSS
Exploits: 0, References: 3
RustSec
added 2017/05/03 12:0 p.m., 17 views

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...

9.8 CVSS, 3.7 AI score, 0.00476 EPSS
Exploits: 0, Affected Software: 1
Oracle linux
added 2017/04/28 12:0 a.m., 78 views

nss security update

3.21.3-2.0.1 - Fix out-of-bound issue in base64 encoding/decoding code CVE-2017-5461...

9.8 CVSS, 0.7 AI score, 0.00608 EPSS
Exploits: 0
hackapp
added 2017/04/26 10:28 p.m., 23 views

Yandex.Taxi - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that the application Yandex.Taxi, published on the 'play' market, has multiple vulnerabilities...

7.2 AI score
Exploits: 0, References: 1, Affected Software: 1
hackapp
added 2017/04/26 7:15 p.m., 11 views

Маркет – объявления Казахстана - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that the application Маркет – объявления Казахстана, published on the 'play' market, has multiple vulnerabilities...

Exploits: 0, References: 1, Affected Software: 1
hackapp
added 2017/04/21 10:56 a.m., 21 views

Telugu Live TV,Movies & Shows - Base64 encoded String, Dangerous filesystem permissions, MIT license vulnerabilities

HackApp vulnerability scanner discovered that the application Telugu Live TV,Movies & Shows, published on the 'play' market, has multiple vulnerabilities...

1.2 AI score
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2017/04/20 2:17 a.m., 2 views

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

9.8 CVSS, 7.5 AI score, 0.00608 EPSS
Exploits: 0, References: 5
Oracle linux
added 2017/04/20 12:0 a.m., 84 views

nss and nss-util security update

nss 3.28.4-1.0.1 - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed 3.28.4-1 - Rebase to 3.28.4 nss-util 3.28.4-1 - Rebase to NSS 3.28.4 to accommodate base64 encoding fix...

9.8 CVSS, 1.9 AI score, 0.00608 EPSS
Exploits: 0
OSV
added 2017/04/14 6:59 p.m., 2 views

CVE-2017-7188

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 3