CVE-2014-6980

The CVE-2014-6980 entry concerns the LINE PLAY Android app (version 2.3.1.1). The vulnerability is an inability to verify X.509 SSL certificates, enabling MITM attackers to spoof servers and obtain sensitive information via a crafted certificate. According to NVD data, the impact is PARTIAL confi...

CVE-2014-6980

The LINE PLAY aka jp.naver.lineplay.android application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

X (Formerly Twitter): Stored xss

Hi! There's a stored xss on ads.twitter.com under "Add New App" section at https://ads.twitter.com/accounts/18ce53wsl3g/campaigns/newobjective/appinstalls. There's a option to add android application by Google play app id, so i searched for a app on play store with name " "" " and then i got this...

Android App SSL Certificate Validation Errors Enumerated

A growing compilation of close to 350 Android applications that fail to perform SSL certificate validation over HTTPS has been put together by the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University. Researcher Will Dormann created a large spreadsheet host...

SandroRAT — Android Malware that Disguises itself as "Kaspersky Mobile Security" App

Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails. The malware, dubbed SandroRAT, is currently being used by cybercriminals to target...

Java Applet Driver Manager Privileged toString() Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability

No description provided by source. Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Develope...

Netgear FM114P ProSafe Wireless Router Rule Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are bo...

Java CMM Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

ID Software Quake 1.9 - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3051/info Quake is a very popular 3D first-person-shooter game from ID software. A flaw has been identified in the product's network play features which allows a maliciously designed client to prevent legitimate players...

SoX - (.wav) Local Buffer Overflow Exploiter

No description provided by source. //--------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there...

Light Audio Mixer 1.0.12 - (.wav) Crash PoC

No description provided by source. Exploit Title: Light Audio Mixer Version 1.0.12 .wav - Crash POC Date: 14-07-2013 Exploit Author: ariarat Software Link: http://download.cnet.com/Light-Audio-Mixer/3000-21394-10791607.html Version: 1.0.12 Tested on: Windows XP sp3...

id Software Quake 3 Arena Server 1.29 Possible Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3123/info Quake3 Arena Server is a software package designed to host multiple Quake 3 players over a network for interactive play. A vulnerability exists in this software that can allow a malicious user to remotely crash ...

MPG123 0.59 Remote File Play Heap Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8680/info A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user. /...

Donar Player 2.2.0 - Local Crash PoC

No description provided by source. !/usr/bin/python Title: Donar Player 2.2.0 Local Crash PoC Date: 03-21-2010 Author: b0telh0 Link: http://www.donarzone.com/downloads/donar-player-setup-free.exe Tested on: Windows XP SP3 crash = \x41 1000 try: file = open'b0t.wma','w'; file.writecrash; file.clos...

Windows 98/XP/ME UPnP NOTIFY Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3723/info Universal Plug and Play, or UPnP, is a service that allows for hosts to locate and use devices on the local network. UPnP support ships with Windows XP and ME. For Windows 98 and 98SE, it is available with Windo...

Cloned Android Banking App Hides Phishing Scheme

Cloned mobile applications, such as the legions of Flappy Bird knock-offs that surfaced once the popular game was removed from Google Play and the Apple App Store, are an increasingly popular malware vehicle for attackers. The risks range from loading programs that dial premium numbers at the...

PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps

Google's Android Mobile operating system for smartphones and tablets have Google's own Play Store that provides its Android users the most visible way to access the world of millions of apps. App developers produce more than thousands of applications each year, but majority of newbie and...

Chinese Android Smartphone comes with Pre-installed Spyware

If US has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology due to suspected backdoors, then they are not wrong at all. A popular Chinese Android Smartphone comes pre-installed with a Trojan...

Google Play App Permissions Privacy, Security Concerns

Google’s revamped app permissions for Google Play are not being well received by Android users. Reddit threads are rife with adjectives such as “stupid” and “dangerous,” primarily because Google’s attempt to simplify permissions granted to automatically updated applications may in fact expose use...