CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4772
https://notcve.org/view.php?id=CVE-2011-4772
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. La aplicación 360 KouXin (com.qihoo360.kouxin) v1.5.3 para Android no protege correctamente los datos, lo que permite a atacantes remotos leer o modificar mensajes SMS y una lista de contacto a través de una aplicación modificada. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4772-vulnerability-in-360KouXin.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0430 – 360 Web Manager 3.0 - 'IDFM' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0430
SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. Vulnerabilidad de inyección SQL en form.php de 360 Web Manager 3.0 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro IDFM. • https://www.exploit-db.com/exploits/4944 http://www.securityfocus.com/bid/27364 http://www.vupen.com/english/advisories/2008/0217 https://exchange.xforce.ibmcloud.com/vulnerabilities/39796 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •