Exploit for XML Injection (aka Blind XPath Injection) in Google Android

!Screenshot of Android application with title AbxDroppedApk and...

EUVD-2016-2020

Malware in sbrugna...

EUVD-2017-14323

Malware in sbrugna...

EUVD-2019-10543

Malware in sbrugna...

ASB-A-307288067

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-40111

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

Code injection

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2023-40111

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

ASB-A-272024837

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of systemserver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

ASB-A-214999987

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-213169612

In BitmapcreateFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

ASB-A-168211968

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2020-0082

In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to systemserver with no additional execution privileges needed. User interaction is not needed for...

CVE-2017-18663

An issue was discovered on Samsung mobile devices with N7.x software. Because of missing Intent exception handling, systemserver can have a NullPointerException with a crash of a system process. The Samsung IDs are SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126 July 2017...

CVE-2017-18663

CVE-2017-18663 affects Samsung mobile devices running N(7.x). Root cause: missing Intent exception handling causes a NullPointerException in system_server, potentially crashing a system process. Samsung identifiers: SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, SVE-2017-9126 (July 2017). Connected...

CVE-2016-11031

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. AntService allows a systemserver crash and reboot. The Samsung ID is SVE-2016-7044 November 2016...

Code injection

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. AntService allows a systemserver crash and reboot. The Samsung ID is SVE-2016-7044 November 2016...

CVE-2016-11031

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. AntService allows a systemserver crash and reboot. The Samsung ID is SVE-2016-7044 November 2016...

CVE-2016-11031

The CVE-2016-11031 entry applies to Samsung mobile devices running Android KK/4.4, L/5.0–5.1, and M/6.0. It involves the AntService component, where an issue can cause the system_server to crash and reboot. Connected sources corroborate the same affected platform and impact; no explicit exploit d...

CVE-2018-14983

The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework i.e., systemserver with a package name of android versionCode=24, versionName=7.0 that has been modified by Sony or another entity in the supp...