查看最新发布的漏洞列表 [OSVDB] (608)
Android File Manager for Android (com.smartwho.SmartFileManager) contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a local attacker can gain access to arbitrary files.
Next Browser for Android (com.jiubang.browser) contains a flaw that is due to the application failing to enforce restrictions on browsing history directories. With a specially crafted application, a local attacker can gain access to potentially sensitive information.
Snapchat contains a flaw that is due to the program failing to terminate tokens for messages, which may allow them to be reused. This may allow a remote attacker to crash a user's device by flooding them with messages.
Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the system log, which discloses the software's profile path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Opera contains a flaw in the intent: protocol that is due to the program failing to restrict access to the contents of local data files. This may allow a local attacker to gain access to potentially sensitive information.
Citrix GoToMeeting for Android contains a flaw related to logging output that is triggered when handling HTTP requests. This can result in potentially sensitive UserID, meeting details, and authentication token information being leaked to a local attacker.