18 matches found
EUVD-2025-203405
The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...
EUVD-2023-25260
Malicious code in bioql PyPI...
CVE-2025-21038
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
Input validation
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
ASB-A-242040055
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2022-39861
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege...
VK.com: [Клевер/Android] Небезопасный BroadcastReceiver позволяет создавать окно диалога в приложении посредством другого неавторизованного приложения
Небезопасный BroadcastReceiver. morethEnvulnerability Click to view screenshot Когда приложение видно пользователю в MainActivity регистрируются два ресивера: java registerReceiverthis.r, new IntentFilter"com.vk.quiz.action"; registerReceiverthis.q, new IntentFilter"com.vk.quiz.action.coins";...
Information modification vulnerability in multiple Samsung Galaxy devices
The Samsung Galaxy S4 and others are smart mobile devices released by the South Korean company Samsung Samsung. The information modification vulnerability exists in Samsung Galaxy S4 to S7 devices and stems from the program's failure to validate BroadcastReceiver responses. An attacker could...
CVE-2016-7988
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.Samsung.android.intent.action.SETWIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of...
Code injection
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.Samsung.android.intent.action.SETWIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of...
CVE-2016-7988
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.Samsung.android.intent.action.SETWIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of...
Samsung Android 5. 0 device WifiCredService remote code execution-vulnerability warning-the black bar safety net
The vulnerability is in a few months ago is Google Project Zero and the Quarkslab team found, has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment or by the basic will not have any rights of a third party malicious programs c...
Android Broadcast Assembly permission bypass vulnerability-vulnerability warning-the black bar safety net
Lolipop source code has been released some days, I found google in Android 5.0 on the Fix a high risk vulnerability, exploit the vulnerability you can send any broadcast: not only can you send a system protection level of the broadcast, you can also ignore receiver android:exported=false...