1028 matches found
Epic Bird - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Epic Bird published at the 'play' market has multiple vulnerabilities...
RUSTSEC-2017-0004 Integer overflow leads to heap-based buffer overflow in encode_config_buf
Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...
Integer overflow leads to heap-based buffer overflow in encode_config_buf
Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...
nss security update
3.21.3-2.0.1 - Fix out-of-bound issue in base64 encoding/decoding code CVE-2017-5461...
Yandex.Taxi - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Yandex.Taxi published at the 'play' market has multiple vulnerabilities...
Маркет – объявления Казахстана - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Маркет – объявления Казахстана published at the 'play' market has multiple vulnerabilities...
Telugu Live TV,Movies & Shows - Base64 encoded String, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Telugu Live TV,Movies & Shows published at the 'play' market has multiple vulnerabilities...
nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)
An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...
nss and nss-util security update
nss: 3.28.4-1.0.1 - Added nss-vendor.patch to change vendor; temporarily disable some tests until expired PayPalEE.cert is renewed. 3.28.4-1 - Rebase to 3.28.4. nss-util: 3.28.4-1 - Rebase to NSS 3.28.4 to accommodate base64 encoding fix...
CVE-2017-7188
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse...
Kids videos for YouTube - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Kids videos for YouTube published at the 'play' market has multiple vulnerabilities...
WeChat - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application WeChat published at the 'play' market has multiple vulnerabilities...
LINE Rangers - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application LINE Rangers published at the 'play' market has multiple vulnerabilities...
DEBIAN-CVE-2017-6437
The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file...
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Overview: The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description: The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following: CWE-294:...
Fallout Shelter - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fallout Shelter published at the 'play' market has multiple vulnerabilities...
Лайки каждый день - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Лайки каждый день published at the 'play' market has multiple vulnerabilities...
Private SMS & Call - Hide Text - Base64 encoded String, Dangerous filesystem permissions, Runtime privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Private SMS & Call - Hide Text published at the 'play' market has multiple vulnerabilities...
AirWatch Inbox - Apache license, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application AirWatch Inbox published at the 'play' market has multiple vulnerabilities...
Follow-up analysis of the deserialization vulnerability in the Node.js node-serialize module - vulnerability warning - the black bar safety net
Some follow-up findings on the Node.js deserialization remote command execution vulnerability, and how to develop the attack payload. A few days ago I found an article on the opsecx blog about how to exploit an RCE (remote code execution) bug in a Node.js module named node-serialize. The article...