Vulnerabilities > Tapatalk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-26 | CVE-2014-2023 | SQL Injection vulnerability in Tapatalk Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. | 7.5 |
2017-09-21 | CVE-2017-14652 | SQL Injection vulnerability in Tapatalk 4.5.7 SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | 7.5 |
2015-01-15 | CVE-2014-8870 | Arbitrary URI Redirection vulnerability in Tapatalk for WoltLab Burning Board Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. network tapatalk | 5.8 |
2015-01-15 | CVE-2014-8869 | Cross-site Scripting vulnerability in Tapatalk Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. | 4.3 |
2014-09-09 | CVE-2014-5680 | Cryptographic Issues vulnerability in Tapatalk 4.8.0 The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |