Lucene search
K

136 matches found

veracode
veracode
added 2024/12/16 3:21 p.m.13 views

Server-Side Request Forgery (SSRF)

Mobile Security Framework MobSF is vulnerable to a Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of HTTP redirects in the checkurl method, where the requests.get function is configured with allowredirects=True. This allows an SSRF when a request to...

7.5CVSS6.8AI score0.00407EPSS
Exploits0References5Affected Software1
veracode
veracode
added 2024/12/11 6:34 a.m.9 views

Cross-site Scripting (XSS)

Mobile Security Framework MobSF is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of filenames, allowing malicious users to upload script files that can execute when the "Diff or Compare" functionality is used...

8.1CVSS6.3AI score0.00508EPSS
Exploits1References3Affected Software1
github
github
added 2024/12/03 6:45 p.m.28 views

Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

8.1CVSS5.2AI score0.00508EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/12/03 6:45 p.m.72 views

GHSA-5JC6-H9W7-JM3P Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

6.2CVSS5.2AI score0.00508EPSS
Exploits1References4
snyk
snyk
added 2024/12/03 4:15 p.m.2 views

Server-side Request Forgery (SSRF)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...

9.3CVSS6.9AI score0.00712EPSS
Exploits1References3
pypa
pypa
added 2024/12/03 4:15 p.m.9 views

PYSEC-2024-256

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS6.8AI score0.00712EPSS
Exploits1References2Affected Software1
osv
osv
added 2024/12/03 4:15 p.m.9 views

PYSEC-2024-256

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS7.1AI score0.00407EPSS
Exploits0References2
cvelist
cvelist
added 2024/12/03 3:39 p.m.60 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
osv
osv
added 2024/12/03 3:39 p.m.23 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS5.5AI score0.00508EPSS
Exploits1References4
cvelist
cvelist
added 2024/12/03 3:33 p.m.45 views

CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS0.00407EPSS
Exploits0References2
osv
osv
added 2024/12/03 3:33 p.m.18 views

CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS7.2AI score0.00407EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/12/03 3:33 p.m.14 views

CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS6.8AI score0.00407EPSS
Exploits0References2
cve
cve
added 2024/12/03 3:33 p.m.81 views

CVE-2024-54000

CVE-2024-54000 affects MobSF prior to 3.9.7. The root cause is in _check_url using requests.get() with allow_redirects=True, enabling an SSRF when a .well-known/assetlinks.json response returns a 302 redirect. This bypasses the prior fix for CVE-2024-29190 and is fixed in MobSF 3.9.7. The connect...

7.5CVSS7.5AI score0.00407EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/12/03 12:0 a.m.6 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

8.1CVSS6.6AI score0.00508EPSS
Exploits1References2
cnnvd
cnnvd
added 2024/12/03 12:0 a.m.6 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

7.5CVSS6.3AI score0.00407EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/12/03 12:0 a.m.11 views

PT-2024-36007 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 3.9.7 Description: The issue concerns a server-side request forgery vulnerability. It occurs when the requests.get request in the check url method is set to allow redirects=True, allowing a...

7.5CVSS6.3AI score0.00407EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2024/12/03 12:0 a.m.12 views

PT-2024-36005

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.2.9 Description: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the...

8.1CVSS6AI score0.00508EPSS
Exploits1References16
cve
cve
added 2024/08/19 2:44 p.m.55 views

CVE-2024-43399

MobSF (Mobile Security Framework) prior to version 4.0.7 contains a Zip Slip vulnerability in the Static Libraries analysis when extracting .a files. The mitigation (decoding and string replacement) is bypassable (e.g., using sequences like ....//....//....//), allowing extraction to arbitrary se...

9.8CVSS7.6AI score0.00902EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2024/08/19 2:44 p.m.22 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8CVSS7.6AI score0.00902EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2024/08/19 12:0 a.m.8 views

The vulnerability of the Mobile Security Framework (MobSF), which involves redirecting URLs to unreliable websites, allows attackers to carry out phishing attacks using specially created malicious links.

The vulnerability of the Mobile Security Framework MobSF for mobile application security research involves redirecting URLs to unreliable websites. Exploiting this vulnerability allows attackers to carry out phishing attacks using specially created malicious links...

6.8CVSS5.4AI score0.01EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder