The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent.
Omni-notes is an open source note-taking application for Android. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.Īn unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. Directory traversal can occur in the Basecamp 3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory.