16 matches found
EUVD-2025-26857
Malicious code in bioql PyPI...
EUVD-2021-2994
Malicious code in bioql PyPI...
CVE-2025-26425
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional executi...
CVE-2025-26425
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional executi...
CVE-2025-26425
The CVE-2025-26425 entry describes a local privilege-escalation issue in Android related to RoleService.java, caused by a logic error that enables permission squatting when android.permission.MANAGE_DEFAULT_APPLICATIONS is not defined. Exploitation is stated to require no user interaction, and th...
CVE-2025-26425
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional executi...
CVE-2025-26425
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional executi...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps...
Jarm - Active Transport Layer Security (TLS) server fingerprinting tool
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security (TLS) server fingerprinting tool. JARM fingerprints can be used to: Quickly verify that all servers in a group have the same TLS configuration. Group disparate servers on the internet by...
Ubuntu Apport < 2.20.4 Code Execution on Ubuntu Desktop (CVE-2016-9949)
This research was inspired by Chris Evan’s great work on exploiting client-side file format parsing bugs in the gstreamer media library on Ubuntu. We will look for other default file handlers on Ubuntu which may be vulnerable to exploitation. I’m not a binary exploitation guru like Chris so inste...
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: <=6.3.1 fixed version: vendor did not supply version information CVE number: - impact: critical...
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: <=6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...
Sybase EAServer 6.3.1 Multiple Vulnerabilities
Sybase EAServer versions 6.3.1 and below suffer from directory traversal, XML entity injection, and OS command execution vulnerabilities. title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: <=6.3.1 fixed version: vendor did not supply version information CVE number: -...
Force change of password when enabling the default applications in crowd
Currently it is too easy for an administrator to click through the crowd setup wizard and enable the openid & demo application and not set passwords for either of the applications. It should not be possible to enable a default application without first changing the default password...
Lil' HTTP Server 2.2 Cross Site Scripting
Lil' HTTP Server v2.2 Default CGI Form XSS Vulnerability. Description: Lil' HTTP Server v2.2 comes with some default applications. The "CGI Form Demo" application allows you to submit your name and e-mail. There is an XSS vulnerability in the submit application. Sample :...
Default Applications
Under the Programs tab, you can specify your default applications for viewing web sites, email messages, HTML editing and various other network related tasks. You can also disable Internet Explorer from asking you if you would like it to be your default web browser here. See more information on...