Lucene search
K

102 matches found

NVD
NVD
added 2020/06/22 6:15 p.m.22 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.5CVSS0.02161EPSS
Exploits1References2
OSV
OSV
added 2020/06/22 6:15 p.m.6 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.5CVSS7.2AI score0.02161EPSS
Exploits1References2
Prion
Prion
added 2020/06/22 6:15 p.m.15 views

Cross site request forgery (csrf)

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

5CVSS7.9AI score0.15041EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/06/22 5:27 p.m.19 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.9AI score0.02161EPSS
Exploits1References2
CVE
CVE
added 2020/06/22 5:27 p.m.52 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 is affected by an issue in its custom URI handler due to improper quoting, connected to an incomplete fix for CVE-2019-12569. A malicious site could launch Viber with arbitrary parameters, forcing a victim to initiate an NTLM authentication request, potentially r...

7.5CVSS7.8AI score0.02161EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/02/13 12:15 a.m.2 views

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...

5.5CVSS5.8AI score0.00376EPSS
Exploits1References1
NVD
NVD
added 2020/02/13 12:15 a.m.22 views

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...

5.5CVSS4.5AI score0.00376EPSS
Exploits1References1
Prion
Prion
added 2020/02/13 12:15 a.m.18 views

Information disclosure

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...

2.1CVSS5.2AI score0.00376EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/12 11:36 p.m.28 views

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...

4.2CVSS5.2AI score0.00376EPSS
Exploits1References1
CVE
CVE
added 2020/02/12 11:36 p.m.99 views

CVE-2018-3987

Rakuten Viber for Android 9.3.0.6 exposes an information-disclosure in the app’s Secret Chats: photos taken and shared within secret chats are not fully removed when a chat is deleted, leaving copies on the device filesystem that are accessible to other installed apps. The vulnerability stems fro...

5.5CVSS5.1AI score0.00376EPSS
Exploits1References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2019/12/25 12:0 a.m.19 views

Viber Desktop URI Handler Remote Code Execution (CVE-2019-12569)

A remote code execution vulnerability exists in Viber for Desktop. The vulnerability is due to improper sanitization. Successful exploitation could result in code execution on the target machine in the context of the application...

9.3CVSS2.6AI score0.15041EPSS
Exploits0
0day.today
0day.today
added 2019/11/29 12:0 a.m.321 views

Android-Gif-Drawable Double-Free Vulnerability

A double free vulnerability in the DDGifSlurp function in decoding.c in libpldroidsonroidsgif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawab...

8.8CVSS0.6AI score0.44255EPSS
Exploits16
OSV
OSV
added 2019/11/06 4:15 p.m.2 views

CVE-2019-18800

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...

8.8CVSS7.4AI score0.01662EPSS
Exploits1References1
NVD
NVD
added 2019/11/06 4:15 p.m.22 views

CVE-2019-18800

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...

8.8CVSS8.5AI score0.01662EPSS
Exploits1References1
Prion
Prion
added 2019/11/06 4:15 p.m.18 views

Design/Logic Flaw

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...

4.3CVSS8.4AI score0.01662EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/11/06 3:34 p.m.57 views

CVE-2019-18800

Viber (up to 11.7.0.5) vulnerable: not all Viber protocol traffic is encrypted. TCP port 4244, packet 9, offset 0x14 exposes cleartext device model, OS version, IMSI, and 20 bytes of udid. An attacker could rewrite the victim's udid (viber_udid) and, after a reg/PIN flow, seize the account. Docum...

8.8CVSS8.4AI score0.01662EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/11/06 3:34 p.m.24 views

CVE-2019-18800

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...

8.5AI score0.01662EPSS
Exploits1References1
Prion
Prion
added 2019/06/03 1:29 a.m.13 views

Design/Logic Flaw

A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

9.3CVSS7.7AI score0.15041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/06/03 1:29 a.m.2 views

CVE-2019-12569

A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

7.8CVSS7.3AI score0.15041EPSS
Exploits0References1
NVD
NVD
added 2019/06/03 1:29 a.m.22 views

CVE-2019-12569

A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

9.3CVSS7.7AI score0.15041EPSS
Exploits0References1
Rows per page
Query Builder