Pixi Was die Sonne alles kann - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Pixi Was die Sonne alles kann published at the 'play' market has multiple vulnerabilities...

Offline French German Dict. - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Offline French German Dict. published at the 'play' market has multiple vulnerabilities...

download music mp3 howto - Base64 encoded String, Exported ContentProvider, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application download music mp3 howto published at the 'play' market has multiple vulnerabilities...

German Bulgarian Dictionary Fr - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application German Bulgarian Dictionary Fr published at the 'play' market has multiple vulnerabilities...

German Polish Translator - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application German Polish Translator published at the 'play' market has multiple vulnerabilities...

Offline English German Dict. - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Offline English German Dict. published at the 'play' market has multiple vulnerabilities...

AutoWear - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application AutoWear published at the 'play' market has multiple vulnerabilities...

Air Canada - Base64 encoded String, Customized SSL, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Air Canada published at the 'play' market has multiple vulnerabilities...

Animated watch faces - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Animated watch faces published at the 'play' market has multiple vulnerabilities...

ぷちドラゼミ 知育アプリ『タイムふろしき』 - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application ぷちドラゼミ 知育アプリ『タイムふろしき』 published at the 'play' market has multiple vulnerabilities...

リズムえほん 赤ちゃんのアプリ知育音楽リズム遊びゲーム 無料 - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application リズムえほん 赤ちゃんのアプリ知育音楽リズム遊びゲーム 無料 published at the 'play' market has multiple vulnerabilities...

テトリス®モンスター - Base64 encoded String, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application テトリス®モンスター published at the 'play' market has multiple vulnerabilities...

はらぺこあおむし　赤ちゃん・子供向けのアプリ 人気無料ゲーム - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application はらぺこあおむし 赤ちゃん・子供向けのアプリ 人気無料ゲーム published at the 'play' market has multiple vulnerabilities...

Zomato: Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow

The zomato.com web application is vulnerable to authentication bypassing and sensitive information disclosure. The flaw exist in “Verify Email Address” link which is received in a mail after registration. Once the user enters Full Name, Email Address and Password during registration, he/she is...

Wordpress Feed Statistics Plugin V 1.4.3 feed-statistics.php 重定向漏洞

0x01 漏洞简述 URL 重定向也就是 URL跳转，攻击者可以构造URL将用户的访问重定向到指定页面。 Wordpress Feed Statistics Plugin V 1.4.3 feed-statistics.php 文件中存在重定向漏洞，攻击者通过构造url的base64编码，可以将用户的访问重定向到指定页面。 公开时间：2016-01-09 Google Dork : "inurl:wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=" 0x02 漏洞细节 漏洞页面：...

Joomla Shape 5 MP3 Player 2.0 Local File Disclosure

. | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / / \ | \ \ / // / \ / / / / Joomla = Shape 5 MP3 Player 2.0 Local File Disclosure Exploit My + Author : KnocKout Contact : [email protected] Skype : [email protected] HomePage : http://milw00rm.com...

SMF (Simple Machine Forum) 2.0.10 Remote Memory Exfiltration

!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...

SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration

!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...

CVE-2015-5956

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting XSS attacks via a base64 encoded data URI, as demonstrated by the 1 returnUrl parameter to showrechis.php and...

CVE-2015-6737

Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...