Vulnerabilities – Page 2

Android WebView Exploit Allows Hackers to Install Malicious Apps

16-September-201318-April-2020 Prasanna Sherekar

There’s a vulnerability that affects WebView control in Android applications installed on Android devices running versions older than 4.2. This vulnerability makes a large number of Android applications act as a hacker pipeline into user’s devices and provides a way to install malicious software, send SMSs and more. WebView allows the user to view a […]

Report : PHP SuperGlobals are Vulnerable to Hackers

10-September-201314-September-2013 Prasanna Sherekar

In the most recent Hacker Intelligence Initiative Report – “PHP SuperGlobals: Supersized Trouble“, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution. In addition to local and global scope variables, PHP has several predefined variables that are called SuperGlobals. These […]

Facebook Vulnerability that Allowed any Photo to be Deleted Earns $12,500 Bounty

2-September-201318-April-2020 Prasanna Sherekar

An Indian electronics and communications engineer who describes himself as a “security enthusiast with a passion for ethical hacking” has discovered a Facebook vulnerability that could have allowed for any photo on the site to be deleted without the owner’s knowledge. Arul Kumar, a 21 year old from Tamil Nadu, discovered that he could delete […]

Android Malware Exploiting Google Cloud Messaging Service

14-August-201317-August-2013 Prasanna Sherekar

Researchers have discovered a number of malicious Android apps are using Google’s Cloud Messaging (GCM) service and leveraging it as a command and control server to carry out attacks. A post on Securelist today by Kaspersky Lab’s Roman Unuchek, breaks down five Trojans that have been spotted checking in with GCM after launching. Trojan-SMS.AndroidOS.FakeInst.a Trojan-SMS.AndroidOS.Agent.ao […]

New Java 0-Day Exploit Spotted in the Wild

10-January-201314-January-2013 Prasanna Sherekar

A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer. Description: The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related […]

Hackers Exploit Windows XML Core Services Vulnerability

20-June-201224-June-2012 Prasanna Sherekar

An unpatched Windows vulnerability considered a critical threat by security experts is being exploited by cybercriminals. Microsoft disclosed the flaw in XML Core Services (MSXML) 3.0, 4.0 and 6.0 June 12 during its monthly release of patches. The security advisory, which was separate from the patch release, offered a workaround for vulnerability CVE-2012-1889, but no […]