Application Vulnerability List (368)

OSVDB/103143 (Published: 2014-02-09) MCOEPS
CVSS: N/A

Android File Manager for Android (com.smartwho.SmartFileManager) contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a local attacker can gain access to arbitrary files.

OSVDB/103153 (Published: 2014-02-08) MCOEPS
CVSS: N/A

Next Browser for Android (com.jiubang.browser) contains a flaw that is due to the application failing to enforce restrictions on browsing history directories. With a specially crafted application, a local attacker can gain access to potentially sensitive information.

OSVDB/103119 (Published: 2014-02-08) MCOEPS
CVSS: N/A

Snapchat contains a flaw that is due to the program failing to terminate tokens for messages, which may allow them to be reused. This may allow a remote attacker to crash a user's device by flooding them with messages.

OSVDB/102796 (Published: 2014-01-24) MCOEPS
CVSS: N/A

Apache Cordova and PhoneGap contain a flaw that is due to the URL interception ignoring iframe and XMLHttpRequest URLs. With a specially crafted script inside an iframe, a context-dependent attacker can bypass domain whitelisting by calling execute = cordova.require('cordova/exec'); var opts = cordova.require('cordova/plugin/ContactFindOptions'); and directly operating on these objects.

OSVDB/102783 (Published: 2014-01-24) MCOEPS
CVSS: N/A

Apache Cordova or PhoneGap contains a flaw that is due to the program not blocking third-party scripts included via <script> tags when their source domain is whitelisted, even if they execute in a different domain's origin. This may allow a context-dependent attacker to bypass the same origin policy.

OSVDB/102782 (Published: 2014-01-24) MCOEPS
CVSS: N/A

Apache Cordova and PhoneGap contain a flaw that is triggered during substring matching. This may allow a context-dependent attacker to bypass whitelist protection mechanisms.
