
CVE-2024-33267
https://notcve.org/view.php?id=CVE-2024-33267
30 Apr 2024 — SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. • https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-10001 – HTC One/Sense Mail Client certificate validation
https://notcve.org/view.php?id=CVE-2013-10001
17 May 2022 — A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certificate validation of the mail client. An exploit has been disclosed to the public and may be used. • http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates • CWE-295: Improper Certificate Validation

CVE-2019-12176
https://notcve.org/view.php?id=CVE-2019-12176
03 Jun 2019 — Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service. • https://community.viveport.com • CWE-269: Improper Privilege Management

CVE-2019-12177
https://notcve.org/view.php?id=CVE-2019-12177
03 Jun 2019 — Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking. • https://community.viveport.com • CWE-427: Uncontrolled Search Path Element

CVE-2018-1170 – Volkswagen Customer-Link App Protection Mechanism Failure CAN Message Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-1170
27 Feb 2018 — This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. • https://zerodayinitiative.com/advisories/ZDI-18-214 • CWE-693: Protection Mechanism Failure

CVE-2013-4622
https://notcve.org/view.php?id=CVE-2013-4622
19 Jun 2013 — The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. • http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523 • CWE-255: Credentials Management Errors

CVE-2012-2980
https://notcve.org/view.php?id=CVE-2012-2980
21 Aug 2012 — The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. • http://www.htc.com/www/help/app-security-fix • CWE-255: Credentials Management Errors

CVE-2012-2217
https://notcve.org/view.php?id=CVE-2012-2217
01 May 2012 — The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET... • http://archives.neohapsis.com/archives/bugtraq/2012-04/0176.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-4872
https://notcve.org/view.php?id=CVE-2011-4872
05 Feb 2012 — Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. • http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-3975
https://notcve.org/view.php?id=CVE-2011-3975
03 Oct 2011 — A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. • http://news.cnet.com/8301-1035_3-20114556-94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor