| Email address | private |
|---|---|
| First Active | 2008-10-09 |
| Last Active | 2017-09-04 |
Vulnerable versions of the Motorola Android Bootloader (ABOOT) allow for kernel command-line injection. Additionally, it suffers from a bypass vulnerability.
Google Nexus 9 SensorHub firmware suffers from a downgrade vulnerability.
Nexus 9 Android builds before N4F27B contain a firmware injection vulnerability via the I2C bus through a SAR sensor driver flashing flaw. This vulnerability requires access to the I2C bus, which is available via the USB fastboot interface and the HBOOT interface, which is exposed via the headphone jack.
Nexus 9 running Android version 7.1.1 build N4F26Q and below allows unauthorized access to the FIQ debugger via its headphone jack, which allows for information theft, weakening of ASLR, leaking of stack canaries, and more.
Android versions 6.0.0 MDA89E through 6.0.1 MMB29V suffer from a fastboot oem panic that causes the bootloader to expose a serial-over-USB connection, which would allow an attacker to obtain a full memory dump of the device using tools such as QPST Configuration.
Apache Cordova Android versions 3.6.4 and below use a bridge that allows the native application to communicate with the HTML and JavaScript that control the user interface. To protect this bridge on Android, the framework uses a BridgeSecret to protect it from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.
A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques.
In this paper, the authors present an implementation vulnerability found in some popular social login identity providers (including LinkedIn, Amazon and Mydigipass.com) and show how this vulnerability allowed them to impersonate users of third-party websites.
Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.
Apache Cordova versions up to 3.5.0 suffer from information disclosure, whitelist bypass, and cross application issues.
This whitepaper discusses a stack-based buffer overflow vulnerability in the Android KeyStore service which affects Android 4.3 and below.
A series of vulnerabilities has been discovered in Firefox for Android that allows a malicious application to derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) that resides in that directory, breaking Android's sandbox.
This paper presents a newly discovered vulnerability in the Android Framework which breaks its sandbox environment. This vulnerability affects many Android applications including ones which are bundled with every Android device. The vulnerability has been patched in Android KitKat.
BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.
Android versions 4.0.4 and below suffer from a DNS poisoning vulnerability.
SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.
Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java which enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments that allows for a local DNS cache poisoning of arbitrary domains.
Dolphin Browser HD versions prior to 6.1.0 suffer from a cross-application scripting vulnerability.
Opera Mobile version 11.1 suffers from a cross-application scripting vulnerability.
A third-party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain, thus breaking Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
The Babylon online dictionary and translation software fails to sanitize user input before rendering it in the Trident control, effectively leading to a cross-application scripting vulnerability. The Trident control runs in the Local Machine Zone (LMZ), which is not locked down, and because of this the vulnerability can allow for code execution.
Adobe Flash Player has an integer overflow that exists in the AVM2 abcFile parser code which handles the intrf_count value of the instance_info structure.
A vulnerability exists in Graphviz's parsing engine which makes it possible to overflow a globally allocated array and corrupt memory by doing so. Version 2.20.2 is affected.