exploit the possibilities
Showing 1 - 25 of 36 RSS Feed

Files

Apache Cordova 3.7.2 Whitelist Failure
Posted Nov 21, 2015
Authored by Muneaki Nishimura

Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not properly applied. Improperly crafted URIs could be used to circumvent the whitelist, allowing for the execution of non-whitelisted Javascript. Versions 3.7.2 and below are affected.

tags | advisory, remote, javascript
advisories | CVE-2015-5256
MD5 | aad647f1d58fa5931abe9a90902a248c

Related Files

Anhui Huami Mi Fit 4.0.10 Unencrypted Update Check
Posted Nov 26, 2019
Authored by David Coomber

Anhui Huami Mi Fit Android application versions 4.0.10 and below does not encrypt the connection when it checks for an update.

tags | advisory
MD5 | a42279218aa424b93572cdeb05f5c02d
SHAREit For Android 4.0.38 Authentication Bypass / File Download
Posted Feb 27, 2019
Authored by Abdulrahman Nour | Site redforce.io

DUMPit is an exploit for the SHAREit mobile app abusing two recently discovered vulnerabilities affecting SHAREit Android application versions 4.0.38 and below. The first one allows an attacker to bypass SHAREit device authentication mechanism, and the other one enables the authenticated attacker to download arbitrary files from the user's device. Both vulnerabilities were reported to the vendor and patches have been released.

tags | exploit, arbitrary, vulnerability
MD5 | 3f976a2a05f5d62b9b09600fb47b3c43
Everus.org 1.0.9 Second Factor Redirection
Posted Nov 16, 2018
Authored by Muhammad Shahbaz

The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server send the attacker the one time password for the other user.

tags | exploit, arbitrary
MD5 | 81b34424d2fb4ef2f76dd3982050a8b1
Everus.org 1.0.7 Second Factor Client-Side Validation
Posted Nov 8, 2018
Authored by Muhammad Shahbaz

The Everus.org Android application version1.0.7 has a fundamental design flaw where the server provides the second factor to the client for comparison instead of properly validating it server-side.

tags | exploit
MD5 | f4f7dde01fefcdf3cdbd73b8d2fcc159
Everus.org 1.0.7 Second Factor Modification
Posted Nov 8, 2018
Authored by Muhammad Shahbaz

The Everus.org Android application version 1.0.7 has a fundamental design flaw where the client can send a random phone number during the second factor flow and the server will update the number on file.

tags | exploit
MD5 | e2b7ba286b25008cd2b3bf3d822c927f
Android Application Penetration Testing
Posted Sep 19, 2018
Authored by Seyedhojjat Hosseini

Whitepaper called Android Application Penetration Testing. Written in Persian.

tags | paper
MD5 | b47a6d74f31e91d13e497f8a4b4dcd46
Android Application Pentest With Drozer
Posted Jun 1, 2018
Authored by Artin Ghafary

Whitepaper called Android Application Pentest With Drozer. Written in Persian.

tags | paper
MD5 | bce46a39c54c0e5f1caa0c8d31110f1f
The Grey Matter Of Securing Android Applications
Posted Apr 8, 2018
Authored by Shiv Sahni

Whitepaper called The Grey Matter of Securing Android Applications. It starts with the introduction of the Android platform and fundamentals of the Android applications. It later talks about the in-built security features of the Android platform and the additional features that are provided by Google to build a secure ecosystem. It also includes how and why these features can be leveraged to build secure Android applications.

tags | paper
MD5 | 5b291cb65b443bd1435c7d5264cbe7f7
Android Private Internet Access Denial Of Service
Posted Oct 27, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

The Android application provided by Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be exploited by an MITM attacker via intercepting and replacing this file. While the file is digitally signed, it is not served over SSL and the application did not contain logic for checking if the provided file is very large. The vendor has fixed this issue in version 1.3.3.1 and users should install the latest version.

tags | exploit, denial of service
advisories | CVE-2017-15882
MD5 | f39a851f2873bfcdf23e16b4dfb9ed46
Apple Music Android Application Man-In-The-Middle
Posted Apr 6, 2017
Authored by David Coomber

The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.

tags | advisory
systems | apple
advisories | CVE-2017-2387
MD5 | 77f6d3bf2a4d79ba1870023309aa385e
Trend Micro Enterprise Mobile Security Android Application Man-In-The-Middle
Posted Mar 30, 2017
Authored by David Coomber

The Trend Micro Enterprise Mobile Security android application suffers from a man-in-the-middle SSL certificate vulnerability.

tags | advisory
advisories | CVE-2016-9319
MD5 | f80c525a43a419b297b0ae9bdde3471e
Android Adobe Air 22.0.0.153 Insecure Tranport
Posted Sep 15, 2016
Site wwws.nightwatchcybersecurity.com

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications' users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.

tags | advisory, web
advisories | CVE-2016-6936
MD5 | 39f90cf5b1a2e010d5019918471e3e10
Acer Portal Android Application 3.9.3.2006 Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
MD5 | 18577e2af30c987e1bffc397498a8603
Apache Cordova Android 3.6.4 BridgeSecret Weak Randomization
Posted Nov 21, 2015
Authored by Roee Hay, David Kaplan

Apache Cordova Android versions 3.6.4 and below use a bridge that allows the Native Application to communicate with the HTML and Javascript that control the user interface. To protect this bridge on Android, the framework uses a BridgeSecret to protect it from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.

tags | advisory, javascript
advisories | CVE-2015-5257
MD5 | 99b559e55f240aaddaa21a9964e6680e
Apache Cordova Android File Transfer Plugin 1.2.1 Header Injection
Posted Sep 25, 2015
Authored by Muneaki Nishimura

Apache Cordova Android File Transfer plugin versions 1.2.1 and below suffer from an HTTP header injection vulnerability.

tags | advisory, web
advisories | CVE-2015-5204
MD5 | b3652e84ab4e8cf41e0af9c0f7bac29c
Apache Cordova On Android Unintended Behavior
Posted May 28, 2015
Authored by Seven Shen

Android applications built with the Cordova framework that do not have explicit values set in Config.xml can have undefined configuration variables set by Intent. This can cause unwanted dialogs appearing in applications and changes in the application behavior that can include the app force-closing. Versions up to 4.0.1 are affected except for 3.7.2

tags | advisory
advisories | CVE-2015-1835
MD5 | cb68d16b5b517e40a9ea4aa0a72e061d
Kaseya Browser 7.0 Android Path Traversal
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details a vulnerability found within Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.

tags | exploit, arbitrary, file inclusion
MD5 | e96819aa7e39e1623c71e59dd7bf05a2
Apache Cordova 3.5.0 Data Leak
Posted Aug 12, 2014
Authored by Roee Hay, David Kaplan

Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.

tags | advisory, arbitrary, javascript
advisories | CVE-2014-3502
MD5 | 11bd1a4ff480650cd4d04188db43facf
Bypassing SSL Pinning On Android Via Reverse Engineering
Posted May 20, 2014
Authored by Denis Andzakovic | Site security-assessment.com

This whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.

tags | paper
MD5 | fe5043c5929d8eb6f2bfe05df024b2bc
Misli.com Android App SSL Validation Failure
Posted Apr 24, 2014
Authored by Harun Esur

The Android application provided by Misli.com fails to validate SSL certificates, allowing for a man in the middle attack.

tags | advisory
MD5 | 64e497a7f19d8ce700bbf13da5c67073
Birebin.com Android App SSL Validation Failure
Posted Apr 24, 2014
Authored by Harun Esur

The Android application provided by Birebin.com fails to validate SSL certificates, allowing for a man in the middle attack.

tags | advisory
MD5 | 8b4a93bff5b1de649cc6b08f410d593f
Apache Cordova 2.9.0 File-Transfer Insecure Defaults
Posted Mar 5, 2014
Authored by Neil Bergman

Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffers from file-transfer insecure default settings.

tags | advisory
systems | ios
advisories | CVE-2014-0072
MD5 | 91984fade27131e55ea4cbb070e9bad3
Apache Cordova 2.9.0 Privilege Escalation
Posted Mar 4, 2014
Authored by Neil Bergman

Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.

tags | advisory
systems | ios
advisories | CVE-2014-0073
MD5 | 5dd1e7754e5584b61163d467bcb19599
Android Browser / WebView addJavascriptInterface Code Execution
Posted Feb 7, 2014
Authored by jduck, joev | Site metasploit.com

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell. Note: Adding a .js to the URL will return plain javascript (no HTML markup).

tags | exploit, web, arbitrary, shell, javascript
MD5 | b1f0b039cf8acfc93ca30fa9147f1966
GoToMeeting Information Disclosure
Posted Jan 26, 2014
Authored by Claudio J. Lacayo

GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.

tags | exploit, info disclosure
advisories | CVE-2014-1664
MD5 | 310d784d10726d19ace081aae4fd7361
Page 1 of 2
Back12Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    18 Files
  • 9
    Apr 9th
    11 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close