WhatsApp SIM - External URLs, Possible privilege escalation, Runtime command execution vulnerabilities

HackApp vulnerability scanner discovered that application WhatsApp SIM published at the 'play' market has multiple vulnerabilities...

Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution Exploit

Exploit for windows platform in category remote exploits Requirements: Python 2.7 netcat Tested on: Ubuntu 14.04 LTS Vulnerable Appliance Version: 6.1.0 Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe Instructions: The exploitlem.py...

SolarWinds Log and Event ManagerTrigeo SIM 6.1.0 - Remote Command Execution

SolarWinds Log and Event ManagerTrigeo SIM 6.1.0 - Remote Command Execution Requirements: Python 2.7 netcat Tested on: Ubuntu 14.04 LTS Vulnerable Appliance Version: 6.1.0 Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe Instructions: Th...

SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution

Requirements: Python 2.7 netcat Tested on: Ubuntu 14.04 LTS Vulnerable Appliance Version: 6.1.0 Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe Instructions: The exploitlem.py script will need to be run sudo since it uses sockets which...

Android Security Restriction Bypass Vulnerability (CNVD-2015-06575)

Android is an operating system based on the Linux open kernel, announced on November 5, 2007 by Google Inc. for cell phones. A security restriction bypass vulnerability exists in LMY48I, a version of Android prior to 5.1.1. Allows an attacker to intercept or simulate an unspecified phone STK SIM...

CVE-2015-3843

The SIM Toolkit STK framework in Android before 5.1.1 LMY48I allows attackers to 1 intercept or 2 emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171...

Design/Logic Flaw

The SIM Toolkit STK framework in Android before 5.1.1 LMY48I allows attackers to 1 intercept or 2 emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171...

CVE-2015-3843

The CVE-2015-3843 entry concerns the Android SIM Toolkit (STK) framework prior to 5.1.1 LMY48I. Affected component: STK within Android, related to com/android/internal/telephony/cat/AppInterface.java (internal bug 21697171). Impact: an unprivileged app can intercept or emulate unspecified Telepho...

CVE-2015-3843

The SIM Toolkit STK framework in Android before 5.1.1 LMY48I allows attackers to 1 intercept or 2 emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171...

CVE-2015-1171

Stack-based buffer overflow in GSM SIM Utility aka SIM Card Editor 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file...

Stack overflow

Stack-based buffer overflow in GSM SIM Utility aka SIM Card Editor 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file...

CVE-2015-1171

Stack-based buffer overflow in GSM SIM Utility aka SIM Card Editor 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file...

CVE-2015-1171

CVE-2015-1171 affects GSM SIM Utility (aka SIM Card Editor) 6.6. The flaw is a stack-based buffer overflow triggered by a long entry in a .sms file, enabling remote code execution. Public materials in the Connected documents include an in-depth exploit description and sample exploit code (e.g., E...

Code injection

HP Systems Insight Manager SIM before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...

CVE-2015-2139

HP Matrix Operating Environment (MEO) and HP SIM prior to 7.5.0 are affected by CVE-2015-2139. The HP Security Bulletin HPSBMU03409 rev.1 states that SIM, SMH, VCA, VCRM, and related components shipped with MEO

CVE-2015-5403

CVE-2015-5403 affects HP Matrix Operating Environment components (HP SIM before 7.5.0; SIM alongside SMH, VCA, VCRM, Insight Orchestration, VCEM) with HP Matrix OS versions prior to 7.5.0. The vulnerability enables remote authenticated users to obtain sensitive information via unspecified vectors...

CVE-2015-2140

CVE-2015-2140 affects HP Matrix Operating Environment components prior to version 7.5.0, including HP Systems Insight Manager (SIM) before 7.5.0. The HP bulletin notes that remote authenticated attackers could obtain sensitive information or modify data via unspecified vectors. The vulnerability ...

CVE-2015-5404

CVE-2015-5404 affects HP Systems Insight Manager (SIM) before 7.5.0, used in HP Matrix Operating Environment before 7.5.0. An attacker could remotely obtain sensitive information or modify data via unspecified vectors. HP issued remediation in the HP Matrix Operating Environment 7.5.0 release and...

CVE-2015-5402

CVE-2015-5402 affects HP Matrix Operating Environment via HP Systems Insight Manager (SIM) before 7.5.0 and related components; local users can gain privileges to access sensitive information, modify data, or cause a denial of service. The provided documents do not specify exploitation vectors. H...

CVE-2015-5405

HP SIM (HP Systems Insight Manager) before 7.5.0, used in HP Matrix Operating Environment before 7.5.0, is vulnerable to CVE-2015-5405. The issue allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. Remediation per H...