2030 matches found
CVE-2014-3500
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL...
Information disclosure
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...
CVE-2014-3500
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL...
CVE-2014-3502
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...
CVE-2014-3500
Apache Cordova for Android (pre-3.5.1) is vulnerable to Cross-Application Scripting via crafted Android intents that can change the start page, enabling an attacker to execute script in the victim’s browser and potentially steal cookie-based credentials. The issue stems from insufficient input va...
Millet mobile phone MIUI remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Author: song Shen lei Reproduced please indicate the source http://blogs.360.cn/360mobile/2014/08/25/miui-rce-vul/ 7 on I in the study of the webview vulnerability when the specially picked millet phone MIUI tested,found a very obvious security vulnerability. Through the vulnerability can remotel...
GTK+ 1.2.8 Arbitrary Loadable Module Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the...
Ten Years Later, Cabir Worm's Place in History is Unique
It’s difficult to remember now–and seems quaint even if you can recall it–but there was a time in the not-so-distant past when industry analysts and security experts were worried about the coming mobile malware apocalypse. Self-replicating malware would soon be flooding our phones, deleting our...
SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF)
This distribution enables you to build an application that lets users create and sign petitions. The contained whpetitions module doesn't sufficiently verify the intent of the user when signing a petition. A malicious user could trick another user into signing a petition they did not intend to si...
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges. Android applications communicate with each other through Intents and these intents can be abused by...
Phony SSL Certs Spoof Google, Facebook, GoDaddy, others
Dozens of phony SSL certificates were discovered this week mocking legitimate certs from banks, e-commerce sites, ISPs and social networks. If a user stumbled over one of the bogus certificates on a mobile device it could put them at risk for a man-in-the-middle attack. Disguised as official...
Opera browser for Android issue in handling intent scheme URL's
Overview Opera browser for Android contains an issue in the handling of intent scheme URL's. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a use...
JVN#23256725: Opera browser for Android issue in handling intent scheme URL's
Opera browser for Android contains an issue in the handling of intent scheme URL's. Impact When a user views a specially crafted page, the Opera browser for Android cookie file may be disclosed. Solution Apply an Update Apply the appropriate update for the version of the software being used...
WordPress ThisWay Shell Upload
. . / / | // | | .. / \ \ \ \ \ / ||| \ | | / \ / |/ | |/ | / | | // | | | | \ / //|| /\ \ ||| / | /\ /// \ \ //|| | / /|| /| ||/|| / / / / || // / / / / || / / Exploit title: WordPress ThisWay theme - Arbitrary File Upload Vulnerability Author: Bet0 Google Dork:...
CVE-2013-3580
The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service application crash via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments...
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...
SuSE 11.3 Security Update : lcms2 (SAT Patch Number 8091)
lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. - User defined parametric curves can now be saved in ICC profiles. - RGB profiles using same tone curves for several channels are storing now only one copy of the curve - update black...
CVE-2013-3579
The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service application crash via a crafted application that sends an intent to com.lookout.security.ScanTell with zero arguments...
Code injection
The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service application crash via a crafted application that sends an intent to com.lookout.security.ScanTell with zero arguments...
CVE-2013-3579
The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service application crash via a crafted application that sends an intent to com.lookout.security.ScanTell with zero arguments...