应用漏洞列表 (368)

OSVDB/102781(发布:2014-01-24)MCOEPS
CVSSN/A

Apache Cordova and PhoneGap contain a flaw that is triggered when handling a malformed script running in an iframe, which can allow the script to choose any vulnerable bridge mechanisms via addJavascriptInterface or loadUrl at runtime. This may allow a context-dependent attacker to bypass the domain whitelist.

OSVDB/102266(发布:2014-01-19)MCOEPS
CVSSN/A

Mr. Number for Android contains a flaw that is triggered when a suspected spam pop-up window appears in front of the screen lock. In certain situations if the number in the pop-up is blocked and the 'done' option is selected, the screenlock will be bypassed and the user's home screen will appear. This may allow a physically present attacker to gain access to a user's phone.

OSVDB/102278(发布:2014-01-17)MCOEPS
CVSSN/A

Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.

OSVDB/101006(发布:2013-12-14)MCOEPS
CVSSN/A

Bit Web Server for Android installs with default MySQL admin credentials (the 'root' account has a blank password), which are publicly known and documented. This allows remote attackers to trivially gain privileged access to the service.

OSVDB/100661(发布:2013-12-05)MCOEPS
CVSSN/A

Brightest Flashlight Free Application for Android contains a flaw that is due to the device transmitting potentially sensitive information even if the user opted out of data sharing. This will cause location data and the unique device identifier to be transmitted to the vendor's servers and subsequently shared with advertisers.

OSVDB/100348(发布:2013-11-21)MCOEPS
CVSSN/A

Instagram contains a flaw that is due to the application transmitting pictures with the media_id tag unencrypted over an HTTP connection. This may allow a remote attacker to gain access to potentially sensitive media_id information.

首页上一页12345678下一页尾页 第2页 / 共62页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站