第三方应用漏洞列表 [OSVDB] (328)

OSVDB/103143(发布:2014-02-09)MCOEPS
CVSSN/A

Android File Manager for Android (com.smartwho.SmartFileManager) contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a local attacker can gain access to arbitrary files.

OSVDB/103153(发布:2014-02-08)MCOEPS
CVSSN/A

Next Browser for Android (com.jiubang.browser) contains a flaw that is due to the application failing to enforce restrictions on browsing history directories. With a specially crafted application, a local attacker can gain access to potentially sensitive information.

OSVDB/103119(发布:2014-02-08)MCOEPS
CVSSN/A

Snapchat contains a flaw that is due to the program failing to terminate tokens for messages, which may allow them to be reused. This may allow a remote attacker to crash a user's device by flooding them with messages.

OSVDB/102870(发布:2014-02-04)NMCOPS
CVSS5.0

Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the system log, which discloses the software's profile path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

OSVDB/102965(发布:2014-01-31)NMCOS
CVSS4.3

Opera contains a flaw in the intent: protocol that is due to the program failing to restrict access to the contents of local data files. This may allow a local attacker to gain access to potentially sensitive information.

OSVDB/102559(发布:2014-01-24)NMCOPS
CVSS5.0

Citrix GoToMeeting for Android contains a flaw related to logging output that is triggered when handling HTTP requests. This can result in potentially sensitive UserID, meeting details, and authentication token information being leaked to a local attacker.

12345678下一页尾页 第1页 / 共55页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站