102 matches found
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
Cross site request forgery (csrf)
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 is affected by an issue in its custom URI handler due to improper quoting, connected to an incomplete fix for CVE-2019-12569. A malicious site could launch Viber with arbitrary parameters, forcing a victim to initiate an NTLM authentication request, potentially r...
CVE-2018-3987
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...
CVE-2018-3987
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...
Information disclosure
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...
CVE-2018-3987
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...
CVE-2018-3987
Rakuten Viber for Android 9.3.0.6 exposes an information-disclosure in the app’s Secret Chats: photos taken and shared within secret chats are not fully removed when a chat is deleted, leaving copies on the device filesystem that are accessible to other installed apps. The vulnerability stems fro...
Viber Desktop URI Handler Remote Code Execution (CVE-2019-12569)
A remote code execution vulnerability exists in Viber for Desktop. The vulnerability is due to improper sanitization. Successful exploitation could result in code execution on the target machine in the context of the application...
Android-Gif-Drawable Double-Free Vulnerability
A double free vulnerability in the DDGifSlurp function in decoding.c in libpldroidsonroidsgif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawab...
CVE-2019-18800
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
CVE-2019-18800
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
Design/Logic Flaw
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
CVE-2019-18800
Viber (up to 11.7.0.5) vulnerable: not all Viber protocol traffic is encrypted. TCP port 4244, packet 9, offset 0x14 exposes cleartext device model, OS version, IMSI, and 20 bytes of udid. An attacker could rewrite the victim's udid (viber_udid) and, after a reg/PIN flow, seize the account. Docum...
CVE-2019-18800
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
Design/Logic Flaw
A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...
CVE-2019-12569
A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...
CVE-2019-12569
A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...