4 matches found
Pi Agent: Pi loads project-local extensions without approval
Pi loads project-local extensions without approval Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript...
Shenzhen Fujia Technology OurPhoto 安全漏洞
Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1, which stems from the fact that...
CVE-2021-39702
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
PT-2009-3543 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: Apple iPhone OS versions 1.0 through 2.2.1 Apple iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: The issue allows remote attackers to potentially force the iPhone to place a call without user approval. This occurs when the Ma...