30 matches found
EUVD-2020-26765
Malware in sbrugna...
EUVD-2024-20892
Malicious code in bioql PyPI...
EUVD-2021-8247
Malicious code in bioql PyPI...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
CVE-2021-20835
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...
CVE-2020-5604
Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
Authorization
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
CVE-2024-23388
Summary (CVE-2024-23388) : The vulnerability affects the Mercari Android app (prior to version 5.78.0) where the app’s handler for a Custom URL Scheme improperly authorizes navigation, allowing an attacker to direct a user to an arbitrary website via the vulnerable app. This can enable a phishing...
"Mercari" App for Android fails to restrict custom URL schemes properly
Overview "Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security Inc...
Mercari Security Vulnerability
Mercari is an online trading application for used items from Mercari Japan. A security vulnerability exists in Mercari versions prior to 5.78.0, which stems from improperly restricting access using custom URLs, and could allow a remote attacker to direct a user to an arbitrary website...
JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly
"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
about.mercari.com Open Redirect vulnerability OBB-2359835
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-20835
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...
CVE-2021-20835
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...
Authorization
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...
CVE-2021-20835
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari Merpay - Marketplace and Mobile Payments App' Japan version versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity ...