50 matches found
PT-2026-3764
GitHub - canyie/CVE-2024-23700: PoC for CVE-2024-23700, privilege escalation allows silently obtain permissions to read/write contacts, SMS, calendar, call log and voicemail, make outgoing calls or answer incoming calls, manipulate call settings, access https://t.co/CCm7jUKWw6...
EUVD-2011-4621
Malware in sbrugna...
EUVD-2007-3424
Malware in sbrugna...
EUVD-2022-25790
Malicious code in bioql PyPI...
CVE-2022-20530
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...
CVE-2011-4703
The Limit My Call com.limited.call.view application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application...
LianSpy: new Android spyware targeting Russian users
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...
“Nearly all” AT&T customers had phone records stolen in new data breach disclosure
In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of "nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023". In a filing with the Securities and Exchang...
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with ...
Cisco IP Phones Call Log Information Disclosure (CVE-2020-3360)
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...
Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data
Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of...
Stalkerware Vendor Hacked
The stalkerware company LetMeSpy has been hacked: TechCrunch reviewed the leaked data, which included years of victims call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared litt...
Design/Logic Flaw
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
CVE-2023-27108
CVE-2023-27108 (KaiOS 3.0) concerns the pre-installed Communications app, which exposes a Web Activity that returns the user’s call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app with no user interaction or consent, enabling exfi...
CVE-2023-27108
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...
PT-2023-20958 · Kaios · Kaios
Name of the Vulnerable Software and Affected Versions: KaiOS version 3.0 Description: An issue was discovered in the pre-installed Communications application, which exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript...
KaiOS 安全漏洞
KaiOS is an application software. application for smart feature phones. A security vulnerability exists in KaiOS version 3.0, which stems from the ability to return a user's call logs without origin or privilege checking, which could allow an attacker to inject a JavaScript payload running in the...
CVE-2022-20530
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...
CVE-2022-20530
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...
CVE-2022-20530
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...