EUVD-2013-6577

Malware in sbrugna...

usbhost.chainfire.eu Cross Site Scripting vulnerability OBB-3945552

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploit for Out-of-bounds Write in Google Android

AutomatedRoot !GitHubhttps://img.shields.io/github/license/...

Chainfire's SuHide — Now You Can Hide Your Android Root Status On Per-App Basis

Famous Android developer Chainfire released an experimental hack with a new app, called "Suhide," that allows users to hide the root status of their rooted Android devices on an app-by-app basis. Rooting your Android device can bring a lot of benefits by giving you access to a wide variety of app...

CVE-2013-6775

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the 1 backtick or 2 $ type of shell metacharacters in the -c option to /system/xbin/su...

CVE-2013-6774

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an...

Design/Logic Flaw

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an...

Code injection

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the 1 backtick or 2 $ type of shell metacharacters in the -c option to /system/xbin/su...

CVE-2013-6775

The CVE-2013-6775 entry describes a privilege escalation in Chainfire SuperSU for Android, affected before version 1.69. The root cause is that the -c argument to /system/xbin/su can be parsed through shell metacharacters (backtick or $( )), allowing an attacker-controlled command to be executed ...

CVE-2013-6775

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the 1 backtick or 2 $ type of shell metacharacters in the -c option to /system/xbin/su...

Chainfire's Pry-Fi Android App released to defend against NSA Spying under Public Wi-Fi

Turn your face in any direction, someone is always trying to spy on you; doesn’t matter who and what you are? Just yesterday we reported that Communications Security Establishment Canada CSEC in Canada and NSA are together, running a spying program called 'game-changer'. It was revealed that the...

Android 4.2.x Superuser Unsanitized Environment Vulnerability

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities. Vulnerable releases of several common Android...

Android 4.2.x Superuser Shell Character Escape

Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root, either without prompting the user or after the user has denied the request: - CyanogenMod/ClockWorkMod/Koush Superuser current releases, including v1.0.2.1 ...

Android 4.2.x Superuser Unsanitized Environment

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner: - ChainsDD Superuser current releases, including v3.1.3 - CyanogenMod/ClockWorkMod/Koush Superuser current releases,...