secmob

5 exploits Active since Oct 2015
CVE-2016-6754 NOMISEC HIGH STUB
Google Android < 6.0.1 - Injection
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.
152 stars
CVSS 8.8
CVE-2015-1528 NOMISEC WORKING POC
Android <5.1.1 - Privilege Escalation
Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.
117 stars
CVE-2016-0846 NOMISEC HIGH WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-04-01 - Privilege Escalation
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
36 stars
CVSS 8.4
CVE-2015-6612 NOMISEC WORKING POC
Google Android < 5.1.1 - Access Control
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
23 stars
CVE-2016-9651 EXPLOITDB HIGH html WORKING POC
Google Chrome < 55.0.2883.75 - Code Injection
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS 8.8