1024 matches found
Get Followers for IG - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Get Followers for IG published at the 'play' market has multiple vulnerabilities...
PHPMailer < 5.2.18 - Remote Code Execution
!/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host curl -sq 'http://'$host -H 'Content-Type:...
Samsung DVR Design Vulnerability
Samsung DVRs are small PCs used to record TV broadcasts, cable or DirecTV transmissions. Samsung DVR design vulnerability. Since the Samsung DVR web browser defaults to using HTTP port 80 to transmit base64-encoded credentials in the cookie header and base64-encodes only the login and password. ...
My Drive UAE - Base64 encoded String, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application My Drive UAE published at the 'play' market has multiple vulnerabilities...
Cpu Temperature - Base64 encoded String, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Cpu Temperature published at the 'play' market has multiple vulnerabilities...
Gallery Pro - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Gallery Pro published at the 'play' market has multiple vulnerabilities...
AbanteCart 1.2.7 Cross Site Scripting
Exploit Title: AbanteCart 1.2.7 Stored XSS Date: 06-12-2016 Software Link: http://www.abantecart.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description By default all user input is escaped using...
MapmyIndia Maps & Directions - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application MapmyIndia Maps & Directions published at the 'play' market has multiple vulnerabilities...
Pregnancy + - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Pregnancy + published at the 'play' market has multiple vulnerabilities...
РЖД Грузы - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application РЖД Грузы published at the 'play' market has multiple vulnerabilities...
USN-3123-1: curl vulnerabilities
It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. CVE-2016-7141 Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote...
OOB write via unchecked multiplication
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc(insize * 4 / 3 + 4). On systems with 32-bit addresses in userspace (e.g. x86, ARM, x32), the multiplication in the expression wraps around if insize is at least 1GB of data. If this...
UBUNTU-CVE-2016-8617
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under-allocated in 32-bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME...
MARVEL Avengers Academy - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application MARVEL Avengers Academy published at the 'play' market has multiple vulnerabilities...
PHP 'php_base64_encode()' function integer overflow vulnerability
PHP is an open source general-purpose computer scripting language. The PHP 'php_base64_encode' function integer overflow vulnerability allows an attacker to exploit the vulnerability to execute arbitrary code in the context of a user's affected application, or a failed attack will result in a denia...
Tank Strike 3D - Base64 encoded String, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Tank Strike 3D published at the 'play' market has multiple vulnerabilities...
Едадил — акции в магазинах - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Едадил — акции в магазинах published at the 'play' market has multiple vulnerabilities...
ExpressionEngine: Arbitrary SQL query execution and reflected XSS in the "SQL Query Form"
Hello, The mentioned module is vulnerable to SQL injection due to the fact that a query can be done in a GET request, with the query Base64 encoded and supplied as the value of the parameter "thequery". This allows an attacker to perform arbitrary SQL queries if they trick an authenticated adm...
Learning colors for kids - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Learning colors for kids published at the 'play' market has multiple vulnerabilities...
Acorns - Invest Spare Change - Base64 encoded String, Customized SSL, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Acorns - Invest Spare Change published at the 'play' market has multiple vulnerabilities...