EUVD-2017-17115

Malware in sbrugna...

EUVD-2017-11882

Malware in sbrugna...

Honor VMALL Security Vulnerability

Honor VMALL is the Honor Mall application from Honor, a Chinese company. A security vulnerability exists in Honor VMALL, which stems from an information disclosure vulnerability, successful exploitation of which may result in information disclosure...

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVE-2017-2739

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications...

CVE-2017-2739

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications...

Privilege escalation

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

Code injection

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications...

CVE-2017-2739

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications...

CVE-2017-8153

Huawei VMall (Android) prior to version 1.5.8.5 contains a privilege-elevation vulnerability due to improper design. An attacker can trick a user into installing a malicious app that can send HTTP requests and execute JavaScript in web pages without Internet permission, potentially causing resour...

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVE-2017-2739

CVE-2017-2739 describes a MITM risk in Huawei Vmall APP upgrades: the upgrade package is transferred over HTTP, allowing an attacker on an adjacent network to tamper with the package and implant malicious code. The issue stems from unencrypted upgrade delivery, with impact described as tampering/...

Huawei VMall Override Vulnerability

Huawei VMall is Huawei's e-commerce platform for nationwide services. Huawei VMall suffers from an overstepping vulnerability, which can be exploited by local attackers who do not have access privileges to trick users into installing malicious mobile applications, sending outbound HTTP requests a...

Security Advisory - MITM Vulnerability in Huawei Vmall APP

The upgrade package of Huawei Vmall APP is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. Vulnerability ID: HWPSIRT-2016-11068 This vulnerability has been assigned a Common Vulnerabilities and...

Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service

The AlarmService component in Huawei Vmall has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. Vulnerability ID: HWPSIRT-2016-11067...