Vector 2 - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Vector 2 published at the 'play' market has multiple vulnerabilities...

CVE-2014-1915

CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...

CVE-2007-5014

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...