Lucene search
K

2028 matches found

Hacker One
Hacker One
added 2018/09/25 5:4 p.m.18 views

Shipt: Vulnerabilities in exported activity WebView

Hello, i want to report the vulnerability found, Since the following activity com.pushio.manager.iam.ui.PushIOMessageViewActivity has exported=true it can be exploited by 3rd parties. Vulnerability com.pushio.manager.iam.ui.PushIOMessageViewActivity has exported set to true making the activity...

Exploits0
NVD
NVD
added 2018/09/24 11:29 p.m.20 views

CVE-2018-11614

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

8.8CVSS8.9AI score0.01296EPSS
Exploits0References1
OSV
OSV
added 2018/09/24 11:29 p.m.4 views

CVE-2018-11614

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

8.8CVSS6AI score0.01296EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/24 11:0 p.m.24 views

CVE-2018-11614

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

8.9AI score0.01296EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/31 12:0 a.m.3 views

Samsung Members Elevation of Privilege Vulnerability

Samsung Members is a membership service application for Samsung cell phones from Samsung South Korea. An elevation of privilege vulnerability exists in the handling of Intents in Samsung Members. An attacker can exploit this vulnerability to gain elevation of privilege by obtaining execution...

8.8CVSS9AI score0.01296EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/08/20 4:7 p.m.16 views

GandCrab’s Rotten EGGs Hatch Ransomware in South Korea

The VenusLocker group appears to be back, hatching a fresh GandCrab ransomware campaign, so to speak, using the EGG niche file type. The emails with EGG attachments are meant to specifically take aim at South Korean users. Trend Micro researchers, who first observed the offensive campaign in earl...

7.2AI score
Exploits0References7
OSV
OSV
added 2018/06/11 9:29 p.m.4 views

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected...

7.5CVSS7.3AI score
Exploits0References4
Prion
Prion
added 2018/06/11 9:29 p.m.12 views

Code injection

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...

5CVSS5.2AI score0.01471EPSS
Exploits0References4Affected Software1
myhack58
myhack58
added 2018/06/08 12:0 a.m.176 views

Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net

0×01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysison Reading this article is the basis for understanding previous attacks construct the link. 0×02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...

1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2018/06/07 12:0 a.m.41 views

(Pwn2Own) Samsung Members Intent Proxy Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

4.4CVSS2.5AI score0.01296EPSS
Exploits0
NVD
NVD
added 2018/06/04 7:29 p.m.12 views

CVE-2017-16053

fabric-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5CVSS7.5AI score0.01123EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/03/21 10:53 p.m.133 views

Zomato: [Zomato Android/iOS] Theft of user session

Hi, I'd like to report a bug which allows to theft user data even without installing third-party apps. Activity xml is exported, and can be accessed by browser. When any WebView in a client app, or a browser meets a zomato://etc URL it will automatically launch Zomato app. File...

1.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/01/17 5:8 p.m.26 views

The Third Question(s) Today’s CEOs Should Ask (& Know the Answers To)

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...

6.6AI score
Exploits0
NVD
NVD
added 2017/12/28 2:29 a.m.20 views

CVE-2015-7889

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICKREPLYBACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain...

5.5CVSS5.2AI score0.02257EPSS
Exploits1References4
NVD
NVD
added 2017/12/12 12:29 a.m.29 views

CVE-2017-17553

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...

5.3CVSS5.1AI score0.0085EPSS
Exploits0References1
Prion
Prion
added 2017/12/12 12:29 a.m.15 views

Code injection

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...

5CVSS5.2AI score0.0085EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/12/12 12:29 a.m.5 views

CVE-2017-17553

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...

5.3CVSS5.8AI score0.0085EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/12 12:0 a.m.22 views

CVE-2017-17553

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser...

5.2AI score0.0085EPSS
Exploits0References1
CVE
CVE
added 2017/12/12 12:0 a.m.44 views

CVE-2017-17553

The vulnerability CVE-2017-17553 affects the Dolphin Browser for Android, version 12.0.2, due to an insecure parsing implementation of the Intent URI scheme. This flaw could allow an attacker to abuse a malicious Intent URI to invoke private Activities within the Dolphin Browser. Root cause: inse...

5.3CVSS5.1AI score0.0085EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/10/29 10:25 p.m.19 views

Modifiable Secondary Configuration Values

cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml file, attackers can set these variables by using Intent. Leveraging this, they can change the behavior of the application...

5.3CVSS5.6AI score0.05911EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder