

Android Proxy Auto Config (PAC) Crash
Posted Nov 8, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed, forcing a halt and then a soft reboot, by downloading a large proxy auto config (PAC) file when adjusting the Android networking settings. This can also be exploited by an MITM attacker that can intercept and replace the PAC file. However, the bug is mitigated by multiple factors and the likelihood of exploitation is low.

tags | exploit, denial of service
advisories | CVE-2016-6723
SHA-256 | 9a6a1af684f67a60cc245b0a7841aeca5cc4c686f0d9b20cffcd532b0d7b75f1

Related Files

Samsung Internet Browser SOP Bypass
Posted Dec 20, 2017
Authored by Tod Beardsley, Jeffrey Martin, Dhiraj Mishra

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
SHA-256 | 453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4

Android Device QSEE Trustlet Revocation
Posted Jun 6, 2017
Authored by Google Security Research, laginimaineb

Multiple Android devices do not revoke known-bad QSEE trustlets.

tags | exploit
SHA-256 | 17ae488394ddefdc0e0c926eda5fcf2f19e66c833209048a10977e69275c94e5

Android Qualcomm GPS/GNSS Man-In-The-Middle
Posted Oct 10, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed remotely, forcing a halt and then a soft reboot, by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed in the October 2016 Android bulletin. Additional patches have been issued by Qualcomm to the proprietary client in September of 2016.

tags | exploit, java, denial of service
advisories | CVE-2016-5348
SHA-256 | a65dfddf168a89391ed0b8297e76ae23566fa1e4d61a4e69446fbad5e0a2b52b

Android Stagefright MP4 tx3g Integer Overflow
Posted Sep 27, 2016
Authored by jduck, NorthBit | Site metasploit.com

This Metasploit module exploits an integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two tx3g atoms that, when their sizes are summed, cause an integer overflow when processing the second atom. As a result, a temporary buffer is allocated with insufficient size and a memcpy call leads to a heap overflow. This version of the exploit uses a two-stage information leak based on corrupting the MetaData that the browser reads from mediaserver. This method is based on a technique published in NorthBit's Metaphor paper. First, we use a variant of their technique to read the address of a heap buffer located adjacent to a SampleIterator object as the video HTML element's videoHeight. Next, we read the vtable pointer from an empty Vector within the SampleIterator object using the video element's duration. This gives us a code address that we can use to determine the base address of libstagefright and construct a ROP chain dynamically. NOTE: the mediaserver process on many Android devices (Nexus, for example) is constrained by SELinux and thus cannot use the execve system call. To avoid this problem, the original exploit uses a kernel exploit payload that disables SELinux and spawns a shell as root. Work is underway to make the framework more amenable to these types of situations. Until that work is complete, this exploit will only yield a shell on devices without SELinux or with SELinux in permissive mode.

tags | exploit, remote, overflow, shell, kernel, root
advisories | CVE-2015-3864
SHA-256 | 1a90f98f06bcb60d18f94ddf7062901f68d339cc68bbdab75711aaafaeffc5d2

Acer Portal Android Application Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
SHA-256 | e41d65b401922a36dd4fd36af2a4b2b250969e944b8ae92cf0e117d652041d1b

Android WiFi-Direct Denial Of Service
Posted Jan 26, 2015
Authored by Core Security Technologies, Andres Blanco | Site coresecurity.com

Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame, causing the Dalvik subsystem to reboot because of an Unhandled Exception on the WiFiMonitor class.

tags | exploit, denial of service
advisories | CVE-2014-0997
SHA-256 | feb52e38d88fae494e9480f07d94fba29e88f585adbd14e6a5b09a5a89af5f6c

Sprite Software Android Race Condition
Posted Jun 24, 2013
Authored by Justin Case

A race condition in Sprite Software's backup software on Android devices allows for code execution as root.

tags | exploit, root, code execution
advisories | CVE-2013-3685
SHA-256 | 7e1b48d28523c995e417a3ba929c6db89dc279830ff6b11b530c719a9d14944c

Android LKM Cheat Sheet
Posted Sep 25, 2011
Authored by Eugenio Delfa

Whitepaper called Android LKM Cheat Sheet - Porting Old School LKM Tricks to Android Devices.

tags | paper
SHA-256 | 745eb8bf8b8dd3d83741b9d6317a53fef94d4fb7ee3c0f8955af8112b7d16328