4064 matches found
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
Code injection
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
CVE-2019-15417
The CVE-2019-15417 entry concerns a Tecno Spark Pro Android device (build TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys) with a pre-installed app, com.lovelyfont.defcontainer (versionCode 7, versionName 7.0.5), that allows unauthorized dynamic code loading via a conf...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
The vulnerability of the software for implementing the hypertext environment MediaWiki lies in its ability to load user JavaScript code from a non-existent account, allowing a violator to compromise the integrity of the data.
The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the possibility of loading user JavaScript code from a non-existent account. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the data...
PT-2019-5544 · Ruby +6 · Bundler +6
Name of the Vulnerable Software and Affected Versions: Bundler versions prior to 2.1.0 Description: The issue is related to the use of predictable paths in /tmp/ with insecure permissions as a storage location for gems when locations under the user's home directory are not available. If Bundler i...
Node.js third-party modules: [larvitbase-www] Unintended Require
I would like to report Unintended Require vulnerability in larvitbase-www It is similar to bug found here 566056 because the module is maintained by the same developer, but it is a different module and the code behind the vulnerability is different. It allows loading arbitary non-production code ...
Node.js third-party modules: [larvitbase-api] Unintended Require
I would like to report Unintended Require vulnerability in larvitbase-api It allows loading arbitary non-production code js files. Module module name: larvitbase-api version: 0.5.3 npm page: https://www.npmjs.com/package/larvitbase-api Module Description REST http API base framework based on...
Mes Comptes - LCL pour mobile - Certificates or keys found, Dynamic Code Loading, Exported components vulnerabilities
HackApp vulnerability scanner discovered that application Mes Comptes - LCL pour mobile published at the 'play' market has multiple vulnerabilities...
CVE-2016-5713
CVE-2016-5713 affects Puppet Agent before 1.6.0, where the Puppet Execution Protocol (PXP) agent passed environment variables to Puppet runs. This could allow unauthorized code to be loaded, with the issue introduced in Puppet Agent 1.3.0. Affected versions include 1.3.0 through 1.5.x. The docume...
Qtouch General Edition is vulnerable to an untrustworthy code loading flaw
Qtouch General Purpose Edition is automation software that integrates the functions of device communication, graphic display, data conversion, logic processing, etc. and provides secondary development. Qtouch Universal Edition is vulnerable to an untrustworthy code loading flaw. The attacker...
LinkedIn - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application LinkedIn published at the 'play' market has multiple vulnerabilities...
DreamTV - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application DreamTV published at the 'play' market has multiple vulnerabilities...
SnapSaver for Snapchat - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application SnapSaver for Snapchat published at the 'play' market has multiple vulnerabilities...
WO Mic - FREE microphone - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application WO Mic - FREE microphone published at the 'play' market has multiple vulnerabilities...
Cek Tagihan Listrik PLN - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Cek Tagihan Listrik PLN published at the 'play' market has multiple vulnerabilities...
Tapas – Books, Comics, Stories - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Tapas – Books, Comics, Stories published at the 'play' market has multiple vulnerabilities...
Kik - Certificates or keys found, ContentProvider mode not defined, Dynamic Code Loading vulnerabilities
HackApp vulnerability scanner discovered that application Kik published at the 'play' market has multiple vulnerabilities...
Rope Hero: Vice Town - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Rope Hero: Vice Town published at the 'play' market has multiple vulnerabilities...
8 Ball Pool Instant Rewards - Free coins - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application 8 Ball Pool Instant Rewards - Free coins published at the 'play' market has multiple vulnerabilities...