136 matches found
Server-Side Request Forgery (SSRF)
Mobile Security Framework MobSF is vulnerable to a Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of HTTP redirects in the checkurl method, where the requests.get function is configured with allowredirects=True. This allows an SSRF when a request to...
Cross-site Scripting (XSS)
Mobile Security Framework MobSF is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of filenames, allowing malicious users to upload script files that can execute when the "Diff or Compare" functionality is used...
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...
GHSA-5JC6-H9W7-JM3P Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...
Server-side Request Forgery (SSRF)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...
PYSEC-2024-256
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
PYSEC-2024-256
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
CVE-2024-54000
CVE-2024-54000 affects MobSF prior to 3.9.7. The root cause is in _check_url using requests.get() with allow_redirects=True, enabling an SSRF when a .well-known/assetlinks.json response returns a 302 redirect. This bypasses the prior fix for CVE-2024-29190 and is fixed in MobSF 3.9.7. The connect...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
PT-2024-36007 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 3.9.7 Description: The issue concerns a server-side request forgery vulnerability. It occurs when the requests.get request in the check url method is set to allow redirects=True, allowing a...
PT-2024-36005
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.2.9 Description: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the...
CVE-2024-43399
MobSF (Mobile Security Framework) prior to version 4.0.7 contains a Zip Slip vulnerability in the Static Libraries analysis when extracting .a files. The mitigation (decoding and string replacement) is bypassable (e.g., using sequences like ....//....//....//), allowing extraction to arbitrary se...
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
The vulnerability of the Mobile Security Framework (MobSF), which involves redirecting URLs to unreliable websites, allows attackers to carry out phishing attacks using specially created malicious links.
The vulnerability of the Mobile Security Framework MobSF for mobile application security research involves redirecting URLs to unreliable websites. Exploiting this vulnerability allows attackers to carry out phishing attacks using specially created malicious links...