2028 matches found
Shipt: Vulnerabilities in exported activity WebView
Hello, i want to report the vulnerability found, Since the following activity com.pushio.manager.iam.ui.PushIOMessageViewActivity has exported=true it can be exploited by 3rd parties. Vulnerability com.pushio.manager.iam.ui.PushIOMessageViewActivity has exported set to true making the activity...
CVE-2018-11614
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2018-11614
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2018-11614
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Samsung Members Elevation of Privilege Vulnerability
Samsung Members is a membership service application for Samsung cell phones from Samsung South Korea. An elevation of privilege vulnerability exists in the handling of Intents in Samsung Members. An attacker can exploit this vulnerability to gain elevation of privilege by obtaining execution...
GandCrab’s Rotten EGGs Hatch Ransomware in South Korea
The VenusLocker group appears to be back, hatching a fresh GandCrab ransomware campaign, so to speak, using the EGG niche file type. The emails with EGG attachments are meant to specifically take aim at South Korean users. Trend Micro researchers, who first observed the offensive campaign in earl...
CVE-2017-7759
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected...
Code injection
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...
Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net
0×01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysison Reading this article is the basis for understanding previous attacks construct the link. 0×02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...
(Pwn2Own) Samsung Members Intent Proxy Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2017-16053
fabric-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Zomato: [Zomato Android/iOS] Theft of user session
Hi, I'd like to report a bug which allows to theft user data even without installing third-party apps. Activity xml is exported, and can be accessed by browser. When any WebView in a client app, or a browser meets a zomato://etc URL it will automatically launch Zomato app. File...
The Third Question(s) Today’s CEOs Should Ask (& Know the Answers To)
In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...
CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICKREPLYBACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain...
CVE-2017-17553
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...
Code injection
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...
CVE-2017-17553
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...
CVE-2017-17553
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...
CVE-2017-17553
The vulnerability CVE-2017-17553 affects the Dolphin Browser for Android, version 12.0.2, due to an insecure parsing implementation of the Intent URI scheme. This flaw could allow an attacker to abuse a malicious Intent URI to invoke private Activities within the Dolphin Browser. Root cause: inse...
Modifiable Secondary Configuration Values
cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml file, attackers can set these variables by using Intent. Leveraging this, they can change the behavior of the application...