19 matches found
CVE-2026-14704
CVE-2026-14704 affects the Stephen-Kruger bluebox project up to version 4.5.12. The vulnerability arises from manipulation of an unnamed argument, enabling cross-site scripting. Exploitation is possible remotely, and public PoCs exist. The issue was brought to the project’s attention via an issue...
CVE-2026-14704
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...
EUVD-2026-41725
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection Vulnerability
Mitel 6869i Voip Deskphone version 4.2.2032 suffer from an unauthenticated command injection vulnerability. Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
5 Biggest Hosting Companies hacked by Syrian Electronic Army
Once again, Syrian Electronic Army SEA has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with...
Android new vulnerability exposure: hack may fake and authentic applications-vulnerability warning-the black bar safety net
Ticker 7 on 3 0 September morning news, on Tuesday released a study on the display, the Google Android operating system has a security vulnerability that can allow a hacker to fake a trusted formal application, thereby hijacking the user's smartphone or tablet. The security company Bluebox Securi...
Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps
Due to the majority in the mobile platform, Google’s Android operating system has been a prior target for cybercriminals and a recently exposed weakness in the way the operating system handles certificate validation, left millions of Android devices open to attack. Researchers at BlueBox security...
Critical Android FakeID Bug Allows Attackers to Impersonate Trusted Apps
There is a critical vulnerability in millions of Android devices that allows a malicious app to impersonate a trusted application in a transparent way, enabling an attacker to take a number of actions, including inserting malicious code into a legitimate app or even take complete control of an...
Jeff Forristal on the Android Master-Key Vulnerability
When news of the Android master-key vulnerability began leaking out in early July, details were hard to come by, and that was done intentionally. The researchers at Bluebox Security, a mobile-security start-up, had discovered the vulnerability and were planning to disclose the details of the bug ...
Chinese Hackers discovered second Android master key vulnerability
Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...
Chinese Hackers discovered second Android master key vulnerability
Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...
Another Android Master Key Attack Published
A second Android Master Key attack has been reported that takes advantage of the vulnerability in the way Android reads APK files, enabling hackers to modify signed legitimate apps with malware. The vulnerability occurs in the way Android conducts integrity checks on APK files. An attacker could...
Android Master Key Bug Details Made Public
The details of the Android vulnerability that enables an attacker to create a malicious update to an APK file without breaking its cryptographic signature have become public but it appears as though Google will have a patch ready for the flaw by the time it’s fully disclosed early next month. The...
Exploit for most critical Android vulnerability publicly released
What if hackers could take an existing legitimate app or update with a valid digital signature, and modify it in order to use it as a malicious Trojan to access everything on your Android phone or tablet? Last week, researchers from Bluebox Security announced that the Android operating system has...
Android Vulnerability Bypasses App's Digital Signature
A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file APK and not break the app’s cryptographic signature—an action that would normally set off a red flag that something is amiss. Researchers at startup...
Security Veterans Score Funding for New Startup Bluebox
Many people would consider themselves lucky to be a part of one successful start-up company, but for a select group of entrepreneurs, engineers and executives, that’s just the beginning. Such is the case for the team behind new mobile security firm Bluebox, a stealth-mode company that counts SPI...
Phone Phreaking using Bluebox Demonstrated in India
Phone Phreaking using Bluebox Demonstrated in India Christy Philip Mathew, an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking...
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.002 20-September-2010 Vendor: Alcatel Affected Products: OmniVista 4760 server: all versions prior to release R5.1.06.03.cPatch3. Vulnerability: arbitrary code execution Risk: High CVE-Number: CVE-2010-3281 Vendor communication:...