2242 matches found
Authorization
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the...
CVE-2020-25204
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the...
CVE-2020-25204
The CVE-2020-25204 entry concerns the God Kings Android app (version 0.60.1) exposing a broadcast receiver (com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver) that is not protected by any authorization. This allows any application to send in-game push notifica...
God Kings 0.60.1 Notification Spoofing
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid Type: Improper Verification of Intent by Broadcast Receiver CWE-925 Date found: 2020-09-07 Date...
File Upload Vulnerability in Laiku Push Mall System (CNVD-2020-62378)
The Laikepush mall system is an independently copyrighted system that integrates all the functions of an e-commerce platform. A file upload vulnerability exists in the Laikipu Mall System, which can be exploited by attackers to upload remote files to the server and realize getshell...
Imperva’s Mobile Security App
How many apps do you currently have on your mobile device? Is this number a total across both your personal and professional devices? Did you know that between Android’s Google Play Store and Apple’s App Store, there are between 2.2 and 2.8 million apps available to download? Did you know that,...
PT-2021-11622 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35 Description: The issue concerns the API in the Push extension for MediaWiki, which used cleartext for ApiPush credentials. This could potentially lead to information disclosure. Recommendations: For MediaWiki...
PT-2021-11621 · Mediawiki +1 · Mediawiki Push Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki Push extension versions through 1.35 Description: The issue concerns a lack of required edit token in the API of the Push extension for MediaWiki, specifically in ApiPushBase.php. This omission facilitates a CSRF attack...
DEBIAN-CVE-2020-26148
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) - Apache HTTP Server...
File Upload Vulnerability in Laiku Push Mall System
Hunan One Eight Network Technology Co., Ltd. is an emerging mobile Internet company. There is a file upload vulnerability in the Laike Push mall system, which can be exploited by attackers to gain server privileges...
Unable to add published apps icons in the endpoint’s Desktop
The customer is installing CWA1912 on multiple endpoint machines running Windows 7 for one of his clients. He is using a 3rd-party tool to mass-install CWA via CLI. He is pushing the StoreFront Store via GPO and not through the installation command. He already installed CWA in some machines a...
USN-4506-1 mcabber vulnerability
It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform machine-in-the-middle attacks. CVE-2016-9928...
RHEL 8 : httpd:2.4 (RHSA-2020:3714)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3714 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...
How to Control Push Notifications of your Devices
By Uzair Amir. Consider push notifications as messages sent by the backend apps or servers to the user interface or UI. This is a post from HackRead.com. Read the original post: How to Control Push Notifications of your Devices...
Denial Of Service (DoS)
github.com/cloudfoundry/gorouter is vulnerable to denial of service (DoS). The vulnerability exists as it fails to return an unknown failure error when panics occur through cf push requests...
CVE-2020-1894
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk...
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
...
Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory. - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) - Apache HTTP Server versio...
Description of the security update for SharePoint Server 2019: August 11, 2020
Description of the security update for SharePoint Server 2019: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...