第三方应用漏洞列表 (349)

OSVDB/100417(发布:2013-11-12)MCOEPS
CVSSN/A

Super Backup for Android contains a flaw that is due to the application storing sensitive information on the device's SD card. Information stored on the SD card is less secure, so this may allow a local attacker to use a different application to gain access to potentially sensitive information backed up on the card.

OSVDB/99267(发布:2013-10-28)MCOEPS
CVSSN/A

Facebook Pages Manager for Android contains a flaw that is due to the application broadcasting the 'access_token' to all applications whenever the user logs in to Facebook, allowing a local attacker to use a malicious application to gain access to the access_token. This information may be used to facilitate session hijacking attacks.

OSVDB/99266(发布:2013-10-28)MCOEPS
CVSSN/A

Facebook Application for Android and Facebook Messenger for Android contain a flaw that is due to the application broadcasting the 'access_token' to all applications whenever a user downloads a message attachment, allowing a local attacker to use a malicious application to gain access to the access_token. This information may be used to facilitate session hijacking attacks.

OSVDB/97621(发布:2013-09-22)MCOEPS
CVSSN/A

Android FTP Server App for Android installs with default user credentials ('admin' account has a password of 'android'), which is publicly known and documented. This allows remote attackers to trivially gain privileged access to the program. Furthermore the application installs as a user and gives access to the entire phone.

OSVDB/96958(发布:2013-09-05)MCOEPS
CVSSN/A

Yahoo! Fantasy Football Application for iPhone and Android contains an unspecified flaw that may allow an attacker to hijack a user's session. No further details have been provided.

OSVDB/96957(发布:2013-09-05)MCOEPS
CVSSN/A

The Yahoo! Fantasy Football Application for iPhone and Android does not utilize a NONCE (number used once) or private token to sign requests, which may allow a context-dependent attacker to conduct a CSRF attack.

首页上一页12345678下一页尾页 第3页 / 共59页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站