laginimaineb - Security Researcher - Exploit Intelligence Platform

CVE-2015-6639 NOMISEC HIGH WORKING POC

Google Android - Access Control

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

362 stars

CVSS 7.8

View Code

CVE-2016-2431 NOMISEC HIGH WORKING POC

Google Android < 6.0.1 - Access Control

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

362 stars

CVSS 7.8

View Code

CVE-2015-6639 NOMISEC HIGH WORKING POC

Google Android - Access Control

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

123 stars

CVSS 7.8

View Code

CVE-2014-7920 NOMISEC CRITICAL WORKING POC

Google Android - Access Control

mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.

76 stars

CVSS 9.8

View Code

CVE-2016-2431 NOMISEC HIGH WORKING POC

Google Android < 6.0.1 - Access Control

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

67 stars

CVSS 7.8

View Code

CVE-2014-4322 NOMISEC WORKING POC

Linux kernel 3.x - Memory Corruption

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

24 stars

View Code

EIP-2026-100045 EXPLOITDB java WORKING POC

Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow

View Code

CVE-2015-6639 EXPLOITDB HIGH text WORKING POC

Google Android - Access Control

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

CVSS 7.8

View Code