69 matches found
CVE-2019-13021
Bond JetSelect (all versions) stores administrator passwords in an unprotected filesystem file ( /opt/JetSelect/SFC/resources/sfc-general-properties ), instead of encrypting them in the database. The passwords are created via ENCtool.jar during installation and backed up by the installer, enablin...
CVE-2012-3409
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation...
CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...
CVE-2017-16130
CVE-2017-16130 affects the exxxxxxxxxxx JavaScript package (described as an Http eX Frame Google Style Guide). The vulnerability is a directory traversal issue: by placing "../" in the URL, an attacker can access files on the filesystem. Accessible files are limited to those with a file extension...
CVE-2018-7169
CVE-2018-7169 affects shadow-tools: shadow 4.5 (shadow-utils) contains a setuid newgidmap that can place an unprivileged user in a user namespace where setgroups(2) is allowed. This enables the user to remove themselves from a supplementary group, potentially bypassing group-based access restrict...
CVE-2014-3519
The CVE-2014-3519 details: OpenVZ modification for the Linux kernel 2.6.32, before 042stab090.5, with simfs, exposes open_by_handle_at in vzkernel to local container users with CAP_DAC_READ_SEARCH, bypassing container protections and enabling access to arbitrary files via file_handle-related vect...
Zivif Web Cameras Multiple Vulnerabilities
Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request CVE-2017-17106 http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this...
Deniz Kabuğu - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Deniz Kabuğu published at the 'play' market has multiple vulnerabilities...
Jelly Jamm 2 - Videos for Kids - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Jelly Jamm 2 - Videos for Kids published at the 'play' market has multiple vulnerabilities...
Spring Garden’s Care - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Spring Garden’s Care published at the 'play' market has multiple vulnerabilities...
Princess Castle Cleanup - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Princess Castle Cleanup published at the 'play' market has multiple vulnerabilities...
Ninja Rush - Dangerous filesystem permissions, GPL license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Ninja Rush published at the 'play' market has multiple vulnerabilities...
Can You Escape - Dangerous filesystem permissions, Insecure KeyStore, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Can You Escape published at the 'play' market has multiple vulnerabilities...
Face Changer - Photo Editor - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Face Changer - Photo Editor published at the 'play' market has multiple vulnerabilities...
Tap the Frog Faster - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tap the Frog Faster published at the 'play' market has multiple vulnerabilities...
WEB.DE Mail - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application WEB.DE Mail published at the 'play' market has multiple vulnerabilities...
billiger.de Preisvergleich - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application billiger.de Preisvergleich published at the 'play' market has multiple vulnerabilities...
Learn English By Conversation - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Learn English By Conversation published at the 'play' market has multiple vulnerabilities...
CVE-2014-9729
CVE-2014-9729 affects the Linux kernel’s UDF filesystem implementation (fs/udf/inode.c: udf_read_inode). The issue is the function’s failure to ensure data-structure size consistency, enabling a local attacker to crash the system via a crafted UDF image. The vulnerability exists in kernel version...