Back to all submitters

sak70

WeakSauce

(json)

• CVE numbers: CVE-2014-3847 [twitter-jcase-weaksaucecve]
• Coordinated disclosure?: false
• Categories:
• Details: WeakSauce is an exploit for some HTC devices. It was compatible with the HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
• Discovered by: jcase [xda-developers-weaksauce] on: Unknown
• Reported on: 2014-03-29 [xda-developers-weaksauce]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
• Affected manufacturers: HTC [xda-developers-weaksauce]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

StumpRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories:
• Details: Vulnerability affecting LG devices released between 2012 and 2014 [xda-developers-stumproot]
• Discovered by: thecubed [xda-developers-stumproot] on: Unknown
• Reported on: 2014-08-17 [xda-developers-stumproot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: Verizon LG G3, T-Mobile LG G3, AT&T LG G3, Sprint LG G3, D852G Videotron 10C, D852 Rogers 10B, D852 Bell 10B, Flex D959 TMobile, LG-D855, LG-D858, LG-D855, LG-D851, LG-F400L [xda-developers-stumproot]
• Affected manufacturers: LG [xda-developers-stumproot]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

PingPongRoot

(json)

• CVE numbers: CVE-2015-3636 [avs-test-pingpong][archived]
• Coordinated disclosure?: false
• Categories:
• Details: Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. [dsa-3290]
• Discovered by: Wen Xu and wushi of KeenTeam [dsa-3290] on: Unknown
• Reported on: 2015-05-08 [xda-developers-pingpongroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: Samsung Galaxy S6 Edge [xda-developers-pingpongroot], HTC One (M9) [xda-developers-pingpongroot], Samsung Galaxy S6 [xda-developers-pingpongroot]
• Affected manufacturers: Samsung [xda-developers-pingpongroot], HTC [xda-developers-pingpongroot]
• Fixed versions: 5.0.2,5.1.1 [xda-developers-pingpongroot]
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

Samsung WifiHs20UtilityService

(json)

• CVE numbers: CVE-2015-7888 [projectzero-489]
• Coordinated disclosure?: true
• Categories: system
• Details: A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user. [citation-needed]
• Discovered by: Mark Brand [projectzeroblog-huntinggalaxy] on: 2015-07-29 [citation-needed]
• Reported on: 2015-07-29 [citation-needed]
• Fixed on: 2015-10-22 [projectzero-489]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: Samsung S6 Edge and may be present in other Samsung device models [projectzero-489]
• Affected manufacturers: Samsung [projectzero-489]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14