Third-Party Application Vulnerability List (349)

OSVDB/96697 (Published: 2013-08-28) MCOEPS
CVSS N/A

Instagram for Android contains a flaw that is triggered when a user issues a like or delete command from the application. This will cause the cryptographic signature of partial requests to be concatenated with a JSON string, which may allow the attacker to more easily crash the program or potentially execute arbitrary code.

OSVDB/96696 (Published: 2013-08-28) MCOEPS
CVSS N/A

Instagram contains a flaw that is due to the program storing static cryptographic signature key information in an obfuscated fashion that combines native and Java code. This may allow a remote attacker to more easily gain access to signature key information and delete all the user's pictures or like and unlike any pictures he chooses.

OSVDB/96390 (Published: 2013-08-16) MCOEPS
CVSS N/A

Cerberus for Android contains a flaw that is due to the program generating tokens in a predictable manner. When a user authenticates for the first time, a token is set based on the phone's IMEI. Subsequent requests are made using the token, not the user's credentials. With knowledge of a phone's IMEI, or via a trivial brute force attack, a remote attacker can send authenticated requests as the user.

OSVDB/95923 (Published: 2013-08-01) MCOEPS
CVSS N/A

By default, My Satis Application for Android installs with a hardcoded Bluetooth PIN. The application has a PIN of '000', which is publicly known and documented. This allows physically proximate attackers to trivially access the program and cause a user's toilet to open or close the lid, activate the bidet, enable the air-dry functions, or continually flush the toilet. While not life-threatening, this could pose a problem for harassment or discomfort.

OSVDB/94794 (Published: 2013-07-01) MCOEPS
CVSS N/A

Skype for Android contains a flaw that is triggered when a call is first accepted from the attacker and then dropped. This may allow the attacker to bypass the screen lock feature until the device is rebooted.

OSVDB/94750 (Published: 2013-06-27) MCOEPS
CVSS N/A

CSipSimple Application for Android contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when a direct request is sent for messages or call logs. This may allow a local attacker to gain access to sensitive information.
