应用漏洞列表 (368)

OSVDB/94750(发布:2013-06-27)MCOEPS
CVSSN/A

CSipSimple Application for Android contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when a direct request is sent for messages or call logs. This may allow a local attacker to gain access to sensitive information.

OSVDB/94749(发布:2013-06-27)MCOEPS
CVSSN/A

CSipSimple contains a flaw that may allow an attacker to carry out a SQL injection attack. The issue is due to the 'calllogs' provider not properly sanitizing user-supplied input to the 'projection' parameter. This may allow a malicious application with CONFIGURE_SIP permissions to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data e.g. stored by the 'accounts' provider like user credentials.

OSVDB/94331(发布:2013-06-15)MCOEPS
CVSSN/A

TaxiMonger for Android contains a flaw that allows a persistent cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Username' field in the registration module. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

OSVDB/92629(发布:2013-04-19)MCOEPS
CVSSN/A

I Believe - I Do Not Believe for Android (air.YesNoBotiki) by RoyalGames Ltd has been found to contain the BadNews malware. The BadNews family of malware is designed to look like a standard advertising network SDK and can be found in a variety of applications. Once installed into an application, it has the ability to spoof news messages, prompt users to install arbitrary applications, send sensitive information to a remote server, or push additional malware to the device. In this case, the software was using AlphaSMS malware to send premium-rate SMS messages.

OSVDB/92628(发布:2013-04-19)MCOEPS
CVSSN/A

Bottle with Tasks for Android (air.buttlRus) by RoyalGames Ltd has been found to contain the BadNews malware. The BadNews family of malware is designed to look like a standard advertising network SDK and can be found in a variety of applications. Once installed into an application, it has the ability to spoof news messages, prompt users to install arbitrary applications, send sensitive information to a remote server, or push additional malware to the device. In this case, the software was using AlphaSMS malware to send premium-rate SMS messages.

OSVDB/92627(发布:2013-04-19)MCOEPS
CVSSN/A

Ozhegov for Android (ru.rhosoft.ozhegov) by BestAndroidsAp has been found to contain the BadNews malware. The BadNews family of malware is designed to look like a standard advertising network SDK and can be found in a variety of applications. Once installed into an application, it has the ability to spoof news messages, prompt users to install arbitrary applications, send sensitive information to a remote server, or push additional malware to the device. In this case, the software was using AlphaSMS malware to send premium-rate SMS messages.

首页上一页345678910下一页尾页 第5页 / 共62页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站