Lucene search
K

10 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.379 views

Android Browser Remote Code Execution Through Google Play Store XFO

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser RCE Through Google Play Store XFO', 'Description' = %q This module combines two vulnerabilities to achieve remote code execution ...

5.8CVSS7.2AI score0.18278EPSS
Exploits7
Circl
Circl
added 2018/05/29 3:50 p.m.18 views

CVE-2014-6041

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/androidstockbrowseruxss.rb 2018-05-29 15:50:33+00:00| seen|...

5.8CVSS5.9AI score0.18278EPSS
Exploits7References3
ThreatPost
ThreatPost
added 2015/02/11 1:5 p.m.24 views

Google Play Bug Can Allow Code Execution

Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options...

5.8CVSS2.1AI score0.18278EPSS
Exploits7References2
Metasploit
Metasploit
added 2015/02/10 5:3 p.m.52 views

Android Browser RCE Through Google Play Store XFO

This module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting UXSS vulnerability present in versions of Android's open source stock browser the AOSP Browser prior to 4.4. Second, th...

5.8CVSS8.9AI score0.18278EPSS
Exploits7
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.58 views

CSP Bypass in android browser prior to 4.4

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://vulners.com/cve/CVE-2014-6041 I've tested this on an Android 4.3...

5.8CVSS6.2AI score0.18278EPSS
Exploits7
Packet Storm
Packet Storm
added 2014/10/13 12:0 a.m.89 views

Android Browser CSP Bypass

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041 I've tested...

5.8CVSS8.8AI score0.18278EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2014/09/22 12:0 a.m.8 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

5.8CVSS5.2AI score0.18278EPSS
Exploits7
The Hacker News
The Hacker News
added 2014/09/16 3:21 p.m.39 views

New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users

A Serious vulnerability has been discovered in the Web browser installed by default on a large number Approximately 70% of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploi...

5.8CVSS8.4AI score0.18278EPSS
Exploits7
myhack58
myhack58
added 2014/09/05 12:0 a.m.22 views

Android built-in browser cross-domain vulnerabilities UXSS-a vulnerability warning-the black bar safety net

Related links: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html Test Link: http://x7s.pw/001.html iframe name="m" src="http://www.myhack58.com/" onload="window. open'\u0000javascript:alertdocument. location','m'" Genesis: because the Android built-in browser to...

1.9AI score
Exploits0
CVE
CVE
added 2014/09/02 10:0 a.m.129 views

CVE-2014-6041

CVE-2014-6041 is a UXSS/SOP bypass in Android’s stock browser (AOSP) prior to 4.4 and in WebView, enabling cross-site script execution via crafted input containing a null character. Affected: Android stock browser before 4.4 and apps using WebView. Impact: partial confidentiality and integrity th...

5.8CVSS8.2AI score0.18278EPSS
Exploits7References8Affected Software1
Rows per page
Query Builder