Lucene search
K

2029 matches found

Prion
Prion
added 2016/05/23 7:59 p.m.20 views

Code injection

Lenovo SHAREit before 3.5.98ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."...

9.3CVSS7.4AI score0.01945EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/05/23 7:0 p.m.48 views

CVE-2016-4782

The connected Lenovo advisory confirms CVE-2016-4782 affects SHAREit for Android versions older than 3.5.98_ww on devices running Android

9.3CVSS7.3AI score0.01945EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/05/23 7:0 p.m.28 views

CVE-2016-4782

Lenovo SHAREit before 3.5.98ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."...

8.7AI score0.01945EPSS
Exploits0References1
Prion
Prion
added 2016/05/07 10:59 a.m.19 views

Double free

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...

10CVSS8AI score0.0623EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/05/07 10:0 a.m.27 views

CVE-2013-7455

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...

9.7AI score0.0623EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2016/05/06 7:48 a.m.23 views

CVE-2013-7455

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...

10CVSS9.4AI score0.0623EPSS
Exploits0References1
OSV
OSV
added 2016/05/04 7:36 p.m.9 views

USN-2961-1 lcms2 vulnerability

It was discovered that a double free could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code...

10CVSS7.5AI score0.0623EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/05/04 5:30 p.m.24 views

CVE-2013-7455

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...

10CVSS7.3AI score0.0623EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2016/04/04 5:4 p.m.11 views

Data Leaking 'Surreptitious Sharing' Vulnerability Identified in Android API

Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys. Dominik Schürmann and Lars Wolf,...

8AI score
Exploits0References5
myhack58
myhack58
added 2015/11/27 12:0 a.m.156 views

Samsung Android 5. 0 device WifiCredService remote code execution-vulnerability warning-the black bar safety net

The vulnerability is in a few months ago is Google Project Zero and the Quarkslab team found, has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment or by the basic will not have any rights of a third party malicious programs c...

0.3AI score
Exploits0
NVD
NVD
added 2015/11/05 5:59 a.m.17 views

CVE-2015-7191

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting XSS attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS UXSS."...

4.3CVSS5AI score0.01467EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2015/11/05 5:59 a.m.22 views

CVE-2015-7191

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting XSS attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS UXSS."...

4.3CVSS7.2AI score0.01467EPSS
Exploits0References2
myhack58
myhack58
added 2015/11/05 12:0 a.m.32 views

Baidu really fixed all of the WormHole vulnerability?-vulnerability warning-the black bar safety net

You can’t have a back door in the software because you can’t have a back door that's only for the good guys.“ - Apple CEO Tim Cook You should not give software to install the back door, because you can't guarantee that this Backdoor only the good guys can use the--Apple CEO cook 0×0 developments...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2015/11/03 9:43 p.m.18 views

X (Formerly Twitter): Following a User After Favoriting Actually Follows Another User (related to #95243)

Hi, There appears to be a bug similar to 95243 which affects following a user after favoriting one of their tweets via an Intent dialog. The following is a proof of concept: https://twitter.com/intent/favorite/?tweetid=661625230297821184&screenname=ericrtest3 The screenname param submits with the...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/11/02 6:2 p.m.147 views

ok.ru: Multiple critical vulnerabilities in Odnoklassniki Android application

Hello, I have recently found several critical vulnerabilities in Odnoklassniki Android application, which is one of your projects, thus I am reporting it here. The first vulnerability is so called Intent spoofing. The vulnerability lies in ability to start the video upload activity of Odnoklassni...

7.4AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2015/11/02 12:0 a.m.30 views

Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge

Posted by Natalie Silvanovich, Planner of Bug Bashes Recently, Project Zero researched a popular Android phone, the Samsung Galaxy S6 Edge. We discovered and reported 11 high-impact security issues as a result. This post discusses our motivations behind the research, our approach in looking for...

8.8CVSS7.8AI score0.08852EPSS
Exploits10
Hacker One
Hacker One
added 2015/10/22 11:7 p.m.25 views

X (Formerly Twitter): Following a User Actually Follows Another User

I can display a web intent page to a victim that appears to prompt them to follow one user, but actually ends up following a completely different user when they click "follow". The following is a proof of concept:...

6.8AI score
Exploits0
Prion
Prion
added 2015/10/01 12:59 a.m.19 views

Deserialization of untrusted data

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...

9.3CVSS7.9AI score0.01491EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2015/10/01 12:59 a.m.14 views

Design/Logic Flaw

The SIM Toolkit STK framework in Android before 5.1.1 LMY48I allows attackers to 1 intercept or 2 emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171...

9.3CVSS7.2AI score0.01536EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/10/01 12:0 a.m.36 views

CVE-2015-1541

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a 1 FLAGGRANTREADURIPERMISSION or 2...

6.3AI score0.00477EPSS
Exploits0References2
Rows per page
Query Builder