heeeeen

4 exploits Active since Dec 2014
CVE-2014-7911 NOMISEC WORKING POC
Android < 4.4.4 - Remote Code Execution via Crafted Finalize Method in ObjectInputStream
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
9 stars
CVE-2017-0601 GITHUB MEDIUM java WORKING POC
Android 7.0-7.1.2 - Elevation of Privilege via Bluetooth File Acceptance
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.
5 stars
CVSS 5.5
CVE-2017-0645 GITHUB MEDIUM java WORKING POC
Android <7.1.2 - Privilege Escalation
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
5 stars
CVSS 5.5
CVE-2017-0784 GITHUB HIGH java WORKING POC
Android <7.1.2 - Privilege Escalation
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
5 stars
CVSS 8.8