what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 27 of 27

Files from Imre Rad

Android Backup Agent Arbitrary Code Execution

Posted Apr 19, 2015

Authored by Imre Rad

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

tags | exploit, arbitrary, shell

advisories | CVE-2014-7951

SHA-256 | 179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87

Download | Favorite | View

LG On Screen Phone Authentication Bypass

Posted Feb 6, 2015

Authored by Imre Rad

SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner's knowledge or consent. suffers from a bypass vulnerability.

tags | advisory, protocol, bypass

advisories | CVE-2014-8757

SHA-256 | 6c5f9b3a483b2488fd33286b1d8b13298108615893ce571ef447baedf300e177

Download | Favorite | View