42 matches found
Exploit for Type Confusion in Google Chrome
UCBrowserExploit.js Introduction All content below refer...
EUVD-2020-28491
Malware in sbrugna...
EUVD-2019-2255
Malware in sbrugna...
EUVD-2020-28490
Malware in sbrugna...
EUVD-2017-11056
Malware in sbrugna...
CVE-2019-10251
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files related to libpicsel, which allows MITM attacks...
CVE-2019-10250
UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks...
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
Hardcoded credentials
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2017-20041 Ucweb UC Browser HTML URL improper restriction of rendered ui layers
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2017-20041
UC Browser 11.2.5.932 is affected by CVE-2017-20041 due to the HTML Handler: manipulation of the title argument leads to improper restriction of rendered UI layers (URL). The issue is exploitable remotely and the exploit has been disclosed publicly. No patch/version remediation details are provid...
CVE-2017-20041 Ucweb UC Browser HTML URL improper restriction of rendered ui layers
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2020-7364
User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...
CVE-2020-7363
User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...
Design/Logic Flaw
User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...
CVE-2020-7364
CVE-2020-7364 is a UI-based spoofing vulnerability in UCWeb UC Browser (Android) affecting version 13.0.8 and earlier. The root cause is a misrepresentation in the address bar, enabling an attacker to obfuscate the true source of data via JavaScript timing tricks, potentially causing a pop-up or ...
CVE-2020-7363
CVE-2020-7363 affects UCWeb UC Browser versions 13.0.8 and earlier, enabling UI/address-bar spoofing through JavaScript timing tricks that can mislead users about the page origin. Exploitation requires visiting a page hosting executable JavaScript; it can trigger in-browser content or popups that...
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common Apple Safari, Opera...