Weekly Vulnerabilities Reports > September 29 to October 5, 2014
Overview
251 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 299 products from 192 vendors, including Plone, IBM, HP, Debian, and Core Apps. The most common categories are "Cryptographic Issues", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Cross-Site Request Forgery (CSRF)".
- 87 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities have a public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 237 reported vulnerabilities are exploitable by an anonymous user.
- Plone has the most reported vulnerabilities, with 16 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-03 | CVE-2014-0754 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric products Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. | 10.0 |
2014-10-03 | CVE-2014-4823 | IBM | OS Command Injection vulnerability in IBM products The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | 10.0 |
2014-10-02 | CVE-2014-3060 | IBM | Local Information Disclosure vulnerability in IBM products Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. | 10.0 |
2014-10-02 | CVE-2014-3059 | IBM | Local Information Disclosure vulnerability in IBM products Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. | 10.0 |
2014-09-30 | CVE-2014-6278 | GNU | OS Command Injection vulnerability in GNU Bash GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 10.0 |
2014-10-05 | CVE-2014-7861 | Apple | Improper Input Validation vulnerability in Apple mac OS X The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | 9.3 |
2014-09-29 | CVE-2013-2100 | Gentoo | Cryptographic Issues vulnerability in Gentoo Portage 2.1.12 The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | 9.3 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-30 | CVE-2012-5493 | Plone | Code Injection vulnerability in Plone gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | 8.5 |
2014-09-30 | CVE-2012-5487 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | 8.5 |
2014-10-02 | CVE-2014-7188 | XEN | Resource Management Errors vulnerability in XEN The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. | 8.3 |
2014-09-29 | CVE-2013-3092 | Belkin | Improper Authentication vulnerability in Belkin N300 and N300 Firmware The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | 8.3 |
2014-10-05 | CVE-2014-3396 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | 7.5 |
2014-10-03 | CVE-2014-6298 | MM Forum Project | Code Injection vulnerability in MM Forum Project MM Forum Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 7.5 |
2014-10-03 | CVE-2014-6295 | WEC MAP Project | SQL Injection vulnerability in WEC MAP Project WEC MAP 3.0.0/3.0.1/3.0.2 SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-10-03 | CVE-2014-6293 | Kennziffer | SQL Injection vulnerability in Kennziffer Statistics SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | 7.5 |
2014-10-03 | CVE-2014-6290 | News Project | Improper Input Validation vulnerability in News Project News The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | 7.5 |
2014-10-03 | CVE-2014-6289 | Daniel Lienert Michael Knoll | Permissions, Privileges, and Access Controls vulnerability in multiple products The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. | 7.5 |
2014-10-03 | CVE-2014-6288 | Alex Kellner | Permissions, Privileges, and Access Controls vulnerability in Alex Kellner Powermail The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | 7.5 |
2014-10-03 | CVE-2014-3947 | Alex Kellner | Code Injection vulnerability in Alex Kellner Powermail Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors. | 7.5 |
2014-10-01 | CVE-2003-1598 | Wordpress | SQL Injection vulnerability in Wordpress SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | 7.5 |
2014-09-30 | CVE-2014-6051 | Redhat Fedoraproject Libvncserver Debian Oracle | Numeric Errors vulnerability in multiple products Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. | 7.5 |
2014-09-29 | CVE-2014-3811 | Juniper | Permissions, Privileges, and Access Controls vulnerability in Juniper products Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | 7.2 |
2014-10-03 | CVE-2014-5410 | Rockwellautomation | Resource Management Errors vulnerability in Rockwellautomation AB Micrologix Controller 1400 The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. | 7.1 |
2014-10-03 | CVE-2014-4809 | IBM | Remote Denial of Service vulnerability in IBM products The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. | 7.1 |
2014-09-29 | CVE-2013-3066 | Linksys | Permissions, Privileges, and Access Controls vulnerability in Linksys Ea6500 and Ea6500 Firmware Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | 7.1 |
219 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-03 | CVE-2014-6299 | MM Forum Project | Cross-Site Request Forgery (CSRF) vulnerability in MM Forum Project MM Forum Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | 6.8 |
2014-10-02 | CVE-2014-7158 | Exinda | Cross-Site Request Forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch. | 6.8 |
2014-09-30 | CVE-2014-7190 | Openfiler | Cross-Site Request Forgery (CSRF) vulnerability in Openfiler 2.99.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | 6.8 |
2014-09-30 | CVE-2014-6273 | Debian | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Advanced Package Tool Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. | 6.8 |
2014-09-30 | CVE-2014-5267 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | 6.8 |
2014-09-29 | CVE-2013-3089 | Belkin | Cross-Site Request Forgery (CSRF) vulnerability in Belkin N300 and N300 Firmware Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | 6.8 |
2014-09-29 | CVE-2013-3086 | Belkin | Cross-Site Request Forgery (CSRF) vulnerability in Belkin N900 and N900 Firmware Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | 6.8 |
2014-09-29 | CVE-2013-3083 | Belkin | Cross-Site Request Forgery (CSRF) vulnerability in Belkin F5D8236-4 V2 Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | 6.8 |
2014-09-29 | CVE-2013-3068 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Linksys Wrt310N Router Firmware and Linksys Wrt350N Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | 6.8 |
2014-09-29 | CVE-2013-3064 | Linksys | Open Redirection vulnerability in Linksys Ea6500 and Ea6500 Firmware Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | 6.8 |
2014-10-05 | CVE-2014-2643 | HP | Remote Privilege Escalation vulnerability in HP Systems Insight Manager Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. | 6.5 |
2014-10-02 | CVE-2014-6242 | Tips AND Tricks HQ | SQL Injection vulnerability in Tips and Tricks HQ ALL in ONE Wordpress Security and Firewall 3.8.2 Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. | 6.5 |
2014-10-02 | CVE-2014-4793 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere MQ 8.0.0.0 IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | 6.5 |
2014-10-01 | CVE-2012-0811 | Postfix | SQL Injection vulnerability in Postfix Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | 6.5 |
2014-09-30 | CVE-2014-6055 | Fedoraproject Debian Redhat Libvncserver | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. | 6.5 |
2014-09-30 | CVE-2012-5489 | Plone Zope | Permissions, Privileges, and Access Controls vulnerability in multiple products The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | 6.5 |
2014-10-03 | CVE-2014-6292 | In2Code | Unspecified vulnerability in In2Code Femanager The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. | 6.4 |
2014-10-02 | CVE-2014-7154 | Fedoraproject Debian XEN Opensuse | Race Condition vulnerability in multiple products Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. | 6.1 |
2014-10-02 | CVE-2014-2641 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP System Management Homepage Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2014-10-02 | CVE-2014-7155 | XEN Debian Fedoraproject Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | 5.8 |
2014-10-04 | CVE-2014-6933 | Wavea | Cryptographic Issues vulnerability in Wavea Toraware Takojyou 1.3 The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6932 | ALL Navalny Project | Cryptographic Issues vulnerability in ALL Navalny Project ALL Navalny 1.1 The All Navalny (aka com.all.navalny) application 1.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6931 | Myapp | Cryptographic Issues vulnerability in Myapp Treves Dance Center 1 The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6930 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Abram Radio Groove! 3.2.3 The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6929 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Aihce 2014 6.1.0.0 The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application 6.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6928 | Rastreadordecelulares | Cryptographic Issues vulnerability in Rastreadordecelulares Rastreador DE Celulares 5.0.0 The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6927 | Myanmars | Cryptographic Issues vulnerability in Myanmars Myanmar Housing : Mmhome 1.3 The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6926 | Paperton | Cryptographic Issues vulnerability in Paperton Allt OM Brollop 1.53 The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6925 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Steyr Forum 3.9.12 The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6924 | Metroseoul | Cryptographic Issues vulnerability in Metroseoul Metro News 1.6.5 The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6923 | Mobitrips | Cryptographic Issues vulnerability in Mobitrips Dubrovnik Guided Walking Tours 1.3.2 The Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6922 | Listener Interactive | Cryptographic Issues vulnerability in Listener-Interactive Kfai Community Radio 2.0.4 The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6921 | Orderingapps | Cryptographic Issues vulnerability in Orderingapps Buckhorn Grill 2.8 The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6920 | Canal44 | Cryptographic Issues vulnerability in Canal44 Canal 44 1 The Canal 44 (aka com.canal.canal44) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6919 | Afsinc | Cryptographic Issues vulnerability in Afsinc Metalcasting Newsstand 3.12.0 The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6918 | Bikersunderground | Cryptographic Issues vulnerability in Bikersunderground Bikers Underground 4.5.10 The Bikers Underground (aka hr.ap.n66871172) application 4.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6917 | Kftc | Cryptographic Issues vulnerability in Kftc Www.Knote.Kr Smart 1.0.3 The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6916 | Mama | Cryptographic Issues vulnerability in Mama Mama.Cn 1.02 The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6914 | Houcine EL Jasmi Project | Cryptographic Issues vulnerability in Houcine EL Jasmi Project Houcine EL Jasmi 1 The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6913 | Paperton | Cryptographic Issues vulnerability in Paperton Dive the World 1.53 The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6912 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Ira'S 59Th Annual Conference 6.0.7.6 The IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6911 | Diziturky | Cryptographic Issues vulnerability in Diziturky HD 2015 2014 The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6910 | Memorizeit | Cryptographic Issues vulnerability in Memorizeit Memorizeit! 1.7.2 The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6909 | Enyetech | Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Peru 2.0.41716 The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6908 | Immigrer | Cryptographic Issues vulnerability in Immigrer Forum IC 3.3.12 The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6907 | Trafficgate | Cryptographic Issues vulnerability in Trafficgate Rakuten Install 1.5.0 The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-6906 | Loli Chocolate Cake Project | Cryptographic Issues vulnerability in Loli Chocolate Cake Project Loli Chocolate Cake 1.0.0 The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6905 | H2O Human Harmony Organization Project | Cryptographic Issues vulnerability in H2O Human Harmony Organization Project H2O Human Harmony Organization 1.6.5 The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6903 | Tionetworks | Cryptographic Issues vulnerability in Tionetworks Gulf Power Mobile Bill PAY 1 The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6902 | Anjuke | Cryptographic Issues vulnerability in Anjuke 7.1.7 The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6901 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Radios DEL Ecuador 3.2.4 The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6900 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Eage Amsterdam 2014 6.1.1.2 The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6899 | Jazeeraairways | Cryptographic Issues vulnerability in Jazeeraairways Jazeera Airways 2.7 The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6898 | Boopsie | Cryptographic Issues vulnerability in Boopsie Mylibrary 4.5.110 The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6897 | Tamrielma | Cryptographic Issues vulnerability in Tamrielma Skyrim MAP 2.1 The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6896 | Yikyakapp | Cryptographic Issues vulnerability in Yikyakapp YIK YAK 2.0.002 The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6895 | Nexters | Cryptographic Issues vulnerability in Nexters Throne Rush 2.3.10 The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-03 | CVE-2014-6894 | Lucktastic | Cryptographic Issues vulnerability in Lucktastic 1.2.6 The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6893 | Pushpinsapp | Cryptographic Issues vulnerability in Pushpinsapp Pushpins Grocery Coupons 1.56 The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application 1.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6892 | Kalahari | Cryptographic Issues vulnerability in Kalahari Kalahari.Com Shopping 1.4.2.1 The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6890 | Couponcabin Coupons Deals Project | Cryptographic Issues vulnerability in Couponcabin - Coupons & Deals Project Couponcabin - Coupons & Deals 3.6 The CouponCabin - Coupons & Deals (aka com.couponcabin) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6889 | Gunbroker | Cryptographic Issues vulnerability in Gunbroker Gunbroker.Com 1.1.2 The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6888 | Pennytalk | Cryptographic Issues vulnerability in Pennytalk Mobile 2.0.3.0 The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6886 | Wephoneapp | Cryptographic Issues vulnerability in Wephoneapp Wephone - Phone Calls VS Skype 1.03.00 The WePhone - phone calls vs skype (aka com.wephoneapp) application 1.03.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6885 | Usbank | Cryptographic Issues vulnerability in Usbank Academy Sports + Outdoors Visa 1.18 The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6884 | Ford | Cryptographic Issues vulnerability in Ford Credit Account Manager 1.0.1 The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6883 | CNN | Cryptographic Issues vulnerability in CNN Cnnmoney Portfolio for Stocks 1.0.2 The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6882 | Western | Cryptographic Issues vulnerability in Western Federal Credit Union 2.1 The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6881 | PNC | Cryptographic Issues vulnerability in PNC Virtual Wallet BY PNC The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application before 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6880 | Tradehero | Cryptographic Issues vulnerability in Tradehero 2.2.5 The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6879 | Equifax | Cryptographic Issues vulnerability in Equifax Mobile 1.5 The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6878 | Rbfcu | Cryptographic Issues vulnerability in Rbfcu Mobile 3.1 The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6877 | Santanderbank | Cryptographic Issues vulnerability in Santanderbank Santander Personal Banking 2.1 The Santander Personal Banking (aka com.sovereign.santander) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6876 | Serve | Cryptographic Issues vulnerability in Serve American Express Serve @7F0901E4 The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6875 | Woodforest | Cryptographic Issues vulnerability in Woodforest Mobile Banking 3.1 The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6874 | Concursive | Cryptographic Issues vulnerability in Concursive Modsim Connected 2 The ModSim Connected (aka com.concursive.modsim) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6873 | Amecuae | Cryptographic Issues vulnerability in Amecuae Amgc 6 The AMGC (aka com.amec.uae) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6872 | Ttnetmuzik | Cryptographic Issues vulnerability in Ttnetmuzik Ttnet Muzik 3.2 The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6871 | Hogs FLY Crazy Project | Cryptographic Issues vulnerability in Hogs FLY Crazy Project Hogs FLY Crazy 1.0.0 The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6870 | Bgenergy | Cryptographic Issues vulnerability in Bgenergy 1.153.0034 The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6869 | Barcode Scanner Project | Cryptographic Issues vulnerability in Barcode Scanner Project Barcode Scanner 2.3.0 The barcode scanner (aka tw.com.books.android.plus) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6868 | Synology | Cryptographic Issues vulnerability in Synology DS Audio 3.4 The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6867 | Sortir EN Alsace | Cryptographic Issues vulnerability in Sortir-En-Alsace Sortir EN Alsace 0.5B The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6866 | Homeadvisor | Cryptographic Issues vulnerability in Homeadvisor Mobile 3.0.3 The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6865 | Jamalbates | Cryptographic Issues vulnerability in Jamalbates Jamal Bates Show 1.3.14.254 The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6864 | Socialknowledge | Cryptographic Issues vulnerability in Socialknowledge Forest River Forums 3.7.5 The Forest River Forums (aka com.socialknowledge.forestriverforums) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6863 | Digitalfruit | Cryptographic Issues vulnerability in Digitalfruit Mootorratturid & Biker.Ee 1 The Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6862 | Gencat | Cryptographic Issues vulnerability in Gencat Artacces 1 The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6861 | Terrarienbilder | Cryptographic Issues vulnerability in Terrarienbilder Terrarienbilder.Com Forum 3.8.20 The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6860 | Trialtracker | Cryptographic Issues vulnerability in Trialtracker Trial Tracker 1.1.9 The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6859 | Daum | Cryptographic Issues vulnerability in Daum Maps - Subway 3.9.1 The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6858 | Mostafa Shemeas Project | Cryptographic Issues vulnerability in Mostafa Shemeas Project Mostafa Shemeas 1 The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6857 | Arabia2000 | Cryptographic Issues vulnerability in Arabia2000 CAR Wallpapers HD 1.3 The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-02 | CVE-2014-6856 | Myvet2Pet | Cryptographic Issues vulnerability in Myvet2Pet Ahrah 219426 The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-01 | CVE-2014-6855 | Imop | Cryptographic Issues vulnerability in Imop Long 1.0.4 The Long (aka com.imop.longjiang.android) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-01 | CVE-2014-6854 | Eyexam | Cryptographic Issues vulnerability in Eyexam 1.4 The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-01 | CVE-2014-6853 | Foxitsoftware | Cryptographic Issues vulnerability in Foxitsoftware Foxit Mobilepdf - PDF Reader 2.2.0.0616 The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-01 | CVE-2014-6852 | Automon | Cryptographic Issues vulnerability in Automon Ledline.Gr Official 1.4.0.9 The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-01 | CVE-2014-6851 | Nbcfc | Cryptographic Issues vulnerability in Nbcfc NEW Beginnings CFC 1.1 The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6850 | Starkvilleelectric | Cryptographic Issues vulnerability in Starkvilleelectric SED Account 1.153.0034 The SED Account (aka com.starkville.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6848 | Synology | Cryptographic Issues vulnerability in Synology DS File 4.1.1 The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6847 | Horoscopesanddreams | Cryptographic Issues vulnerability in Horoscopesanddreams Horoscopes and Dreams 1.0.1 The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6846 | Intelitycorp | Cryptographic Issues vulnerability in Intelitycorp Four Seasons Beverly Hills @7F050007 The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application @7F050007 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6845 | Mediafire | Cryptographic Issues vulnerability in Mediafire 1.1.1 The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6844 | Tabtale | Cryptographic Issues vulnerability in Tabtale ABC Song 1.0.0 The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6843 | Orderingapps | Cryptographic Issues vulnerability in Orderingapps Sweatshop 2.96 The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6842 | Gannett | Cryptographic Issues vulnerability in Gannett Daily Advertiser Print 6.7 The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6841 | Rtiindia | Cryptographic Issues vulnerability in Rtiindia RTI India 3.8.21 The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6840 | Weddingselections | Cryptographic Issues vulnerability in Weddingselections MY Wedding Planner 1.5 The My Wedding Planner (aka app.wedding) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6839 | Webizz | Cryptographic Issues vulnerability in Webizz Alma Corinthiana 1 The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6838 | Twitter | Cryptographic Issues vulnerability in Twitter Groupama Toujours LA 1.3.0 The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6837 | Hillside Project | Cryptographic Issues vulnerability in Hillside Project Hillside 1.1 The Hillside (aka com.hillside.hermanus) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6836 | Synology | Cryptographic Issues vulnerability in Synology DS Photo+ 3.3 The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6835 | Freetibet | Cryptographic Issues vulnerability in Freetibet Herbal Guide 1 The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6834 | Instaroid Instagram Viewer Project | Cryptographic Issues vulnerability in Instaroid - Instagram Viewer Project Instaroid - Instagram Viewer 1.2.1 The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6833 | Auctiontrac | Cryptographic Issues vulnerability in Auctiontrac Dealer 2.0.3 The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6832 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Bersa Forum 3.9.16 The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6831 | Hippostudio | Cryptographic Issues vulnerability in Hippostudio Hippo Studio 1 The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6830 | Covetfashion | Cryptographic Issues vulnerability in Covetfashion Covet Fashion - Shopping Game 2.14.40 The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6829 | Gethook | Cryptographic Issues vulnerability in Gethook Hook 0.9.3 The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6828 | Gecu | Cryptographic Issues vulnerability in Gecu Gulf Credit Union 1.1 The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6827 | Halgame | Cryptographic Issues vulnerability in Halgame DK Online Beta 1.0.2 The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6826 | TIC TAC TO THE MAX Free Project | Cryptographic Issues vulnerability in Tic-Tac TO the MAX Free Project Tic-Tac TO the MAX Free 1.2 The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6825 | Teatrofrancoparenti | Cryptographic Issues vulnerability in Teatrofrancoparenti Teatro Franco Parenti 1.4.0 The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6824 | Kamkomesan Project | Cryptographic Issues vulnerability in Kamkomesan Project Kamkomesan 1 The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6823 | Zhtiantian | Cryptographic Issues vulnerability in Zhtiantian Kuailecaidengmi 1.7.12.15 The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6822 | Nerdico Project | Cryptographic Issues vulnerability in Nerdico Project Nerdico 1.9 The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6821 | Voetbal Project | Cryptographic Issues vulnerability in Voetbal Project Voetbal 4.7.2 The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6820 | Amebra Ameba Project | Cryptographic Issues vulnerability in Amebra Ameba Project Amebra Ameba 1.0.0 The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6819 | Lappgroup | Cryptographic Issues vulnerability in Lappgroup Lapp Group Catalogue 1.4 The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6818 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Ohbm 20Th Annual Meeting 6.0.9.2 The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6817 | Covechurch | Cryptographic Issues vulnerability in Covechurch Cove 1.0.2 The Cove (aka org.covechurch.app) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6816 | Lvtu99 | Cryptographic Issues vulnerability in Lvtu99 Wisdom 2.1 The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6815 | Voucherry | Cryptographic Issues vulnerability in Voucherry Vouch! 2.1.6 The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6814 | Sentinels Randomizer Project | Cryptographic Issues vulnerability in Sentinels Randomizer Project Sentinels Randomizer 1.1.0 The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6813 | Klassens Project | Cryptographic Issues vulnerability in Klassens Project Klassens 1 The klassens (aka com.mcreda.klassens.apps) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6812 | Qmania | Cryptographic Issues vulnerability in Qmania Aloha Guide 1.5 The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6810 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Rims 2014 Annual Conference 6.0.7.4 The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6808 | Active 24 Project | Cryptographic Issues vulnerability in Active 24 Project Active 24 1.0.1 The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6807 | Olaschool | Cryptographic Issues vulnerability in Olaschool OLA School 1.2.7.132 The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6806 | Intellegere | Cryptographic Issues vulnerability in Intellegere Thanodi - Setswana Translator 1.0.0 The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-30 | CVE-2014-6805 | Weibo Project | Cryptographic Issues vulnerability in Weibo Project Weibo 1.2 The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6804 | Boopsie | Cryptographic Issues vulnerability in Boopsie Deschutes Public Mobilelibrary 4.5.110 The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6803 | BM | Cryptographic Issues vulnerability in BM Bank of Moscow Eirts Rent 1.0.0 The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6802 | Subsplash | Cryptographic Issues vulnerability in Subsplash First Assembly NLR 2.8.0 The First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application 2.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6801 | Frank Matano Project | Cryptographic Issues vulnerability in Frank Matano Project Frank Matano 1 The frank matano (aka com.frank.matano) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6800 | Parentlink | Cryptographic Issues vulnerability in Parentlink Bloom Township 206 4.0.500 The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6799 | Broadcom | Cryptographic Issues vulnerability in Broadcom Investigation Tool 1.0.0 The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6798 | Weeverapps | Cryptographic Issues vulnerability in Weeverapps Mcmaster Marauders 1.0.1 The McMaster Marauders (aka com.weever.marauders) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6797 | ABU ALI Anasheeds Project | Cryptographic Issues vulnerability in ABU ALI Anasheeds Project ABU ALI Anasheeds 1.1 The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6796 | Localsense | Cryptographic Issues vulnerability in Localsense 1.2.1 The LocalSense (aka com.LocalSense) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6795 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Beekeeping Forum 3.9.15 The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6794 | Boopsie | Cryptographic Issues vulnerability in Boopsie Aapld 4.5.110 The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6793 | Roboticoverlords | Cryptographic Issues vulnerability in Roboticoverlords Arch Friend 0.4.2 The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6792 | Suriname Radio Project | Cryptographic Issues vulnerability in Suriname Radio Project Suriname Radio 1.5 The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6791 | Atastefromheaven | Cryptographic Issues vulnerability in Atastefromheaven Angel Reigns 1.2.6.185 The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application 1.2.6.185 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6790 | Keyinternet | Cryptographic Issues vulnerability in Keyinternet Invex 1.0.2 The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6789 | Boopsie | Cryptographic Issues vulnerability in Boopsie Anaheim Library 2Go! 4.5.110 The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6788 | Oman News Project | Cryptographic Issues vulnerability in Oman News Project Oman News 1 The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6787 | Counterintuition | Cryptographic Issues vulnerability in Counterintuition Counter Intuition 1.2 The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6786 | Tinytap | Cryptographic Issues vulnerability in Tinytap Math for Kids - Subtraction 1.2.10 The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application 1.2.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6785 | Subsplash | Cryptographic Issues vulnerability in Subsplash Renny Mclean Ministries 2.8.1 The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application 2.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6784 | Fermononrespiri | Cryptographic Issues vulnerability in Fermononrespiri Mobile 3.8.6 The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6783 | Campustv | Cryptographic Issues vulnerability in Campustv Campus Link - Campus TV Hkusu 2.2 The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6782 | Abrahamtours | Cryptographic Issues vulnerability in Abrahamtours Abraham Tours 1.1.2 The Abraham Tours (aka com.mytoursapp.android.app432) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6781 | Mobilizedsolutions | Cryptographic Issues vulnerability in Mobilizedsolutions Aloha Stadium - Hawaii 1.2 The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6780 | Meitalk | Cryptographic Issues vulnerability in Meitalk @7F060012 The MeiTalk (aka com.playjia.meitalk) application @7F060012 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6779 | Cart APP | Cryptographic Issues vulnerability in Cart-App Cart APP 1.5 The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6778 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Goat Forum 3.9.15 The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6777 | Blueeleph Project | Cryptographic Issues vulnerability in Blueeleph Project Blueeleph 1 The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6776 | Uanw | Cryptographic Issues vulnerability in Uanw United Advantage NW Federal CR 1.7 The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6775 | Animalcenter | Cryptographic Issues vulnerability in Animalcenter Light for Pets 1 The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6774 | Neorcha | Cryptographic Issues vulnerability in Neorcha Usek 1.0.8 The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6773 | Bowenehs | Cryptographic Issues vulnerability in Bowenehs CIH Quiz Game 1.3 The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-29 | CVE-2014-6772 | Unitedecu | Cryptographic Issues vulnerability in Unitedecu United Educational CU 1.0.27 The United Educational CU (aka com.metova.cuae.uecu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-04 | CVE-2014-7278 | Zyxel | Improper Input Validation vulnerability in Zyxel Sbg3300-N and Sbg3300-N Firmware The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. | 5.0 |
2014-10-02 | CVE-2014-4765 | IBM | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. | 5.0 |
2014-09-30 | CVE-2014-3395 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.5 Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. | 5.0 |
2014-09-30 | CVE-2014-4728 | TP Link | Resource Management Errors vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | 5.0 |
2014-09-30 | CVE-2014-3558 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Hibernate Validator ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application. | 5.0 |
2014-09-30 | CVE-2012-5506 | Plone | Resource Management Errors vulnerability in Plone python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. | 5.0 |
2014-09-30 | CVE-2012-5505 | Plone | Information Exposure vulnerability in Plone atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | 5.0 |
2014-09-30 | CVE-2012-5503 | Plone | Unspecified vulnerability in Plone ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | 5.0 |
2014-09-30 | CVE-2012-5501 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | 5.0 |
2014-09-30 | CVE-2012-5496 | Plone | Resource Management Errors vulnerability in Plone kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | 5.0 |
2014-09-30 | CVE-2012-5495 | Plone | Code Injection vulnerability in Plone python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | 5.0 |
2014-09-30 | CVE-2012-5492 | Plone | Information Exposure vulnerability in Plone uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | 5.0 |
2014-09-29 | CVE-2012-5621 | Ekiga | Improper Input Validation vulnerability in Ekiga lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | 5.0 |
2014-10-05 | CVE-2014-2645 | HP | Improper Input Validation vulnerability in HP Systems Insight Manager HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | 4.3 |
2014-10-04 | CVE-2014-7277 | Zyxel | Cross-Site Scripting vulnerability in Zyxel Sbg3300-N and Sbg3300-N Firmware Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. | 4.3 |
2014-10-03 | CVE-2014-6297 | MM Forum Project | Cross-Site Scripting vulnerability in MM Forum Project MM Forum Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-03 | CVE-2014-6296 | WEC MAP Project | Cross-Site Scripting vulnerability in WEC MAP Project WEC MAP 3.0.0/3.0.1/3.0.2 Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-03 | CVE-2014-6294 | External Links Click Statistics Project | Cross-Site Scripting vulnerability in External Links Click Statistics Project External Links Click Statistics Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-03 | CVE-2014-6291 | Alphabetic Sitemap Project | Cross-Site Scripting vulnerability in Alphabetic Sitemap Project Alphabetic Sitemap 0.0.1/0.0.2/0.0.3 Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-03 | CVE-2014-6079 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-10-02 | CVE-2014-7157 | Exinda | Cross-Site Scripting vulnerability in Exinda WAN Optimization Suite 7.0.0 Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. | 4.3 |
2014-10-02 | CVE-2014-7144 | Openstack | Cryptographic Issues vulnerability in Openstack Keystonemiddleware and Python-Keystoneclient OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 4.3 |
2014-10-02 | CVE-2014-3097 | IBM | Open Redirection vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2 Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 |
2014-10-02 | CVE-2014-2642 | HP | Improper Input Validation vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 |
2014-10-02 | CVE-2014-2640 | HP | Cross-Site Scripting vulnerability in HP System Management Homepage Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-01 | CVE-2011-4624 | Codeasily | Cross-Site Scripting vulnerability in Codeasily Grand Flagallery 1.56 Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 4.3 |
2014-09-30 | CVE-2014-6619 | Restaurantmis | Cross-Site Scripting vulnerability in Restaurantmis Restaurant Script 1.0.0 Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter. | 4.3 |
2014-09-30 | CVE-2014-6618 | Your Online Shop Project | Cross-Site Scripting vulnerability in Your Online Shop Project Your Online Shop Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. | 4.3 |
2014-09-30 | CVE-2014-4727 | TP Link | Cross-Site Scripting vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | 4.3 |
2014-09-30 | CVE-2014-7199 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | 4.3 |
2014-09-30 | CVE-2014-5444 | Yorba | Cryptographic Issues vulnerability in Yorba Geary Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 4.3 |
2014-09-30 | CVE-2014-0170 | Redhat Jboss | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allow remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | 4.3 |
2014-09-30 | CVE-2012-6316 | TP Link | Cross-Site Scripting vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | 4.3 |
2014-09-30 | CVE-2012-5507 | Zope Plone | Race Condition vulnerability in multiple products AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 4.3 |
2014-09-30 | CVE-2012-5504 | Plone | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-30 | CVE-2012-5494 | Plone | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." | 4.3 |
2014-09-30 | CVE-2012-5491 | Plone | Information Exposure vulnerability in Plone z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | 4.3 |
2014-09-30 | CVE-2012-5490 | Plone | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-29 | CVE-2013-2586 | Apachefriends | Cross-Site Scripting vulnerability in Apachefriends Xampp 1.8.1 XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. | 4.3 |
2014-09-29 | CVE-2014-3824 | Juniper | Cross-Site Scripting vulnerability in Juniper Junos Pulse Secure Access Service Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-29 | CVE-2014-3823 | Juniper | Improper Input Validation vulnerability in Juniper Junos Pulse Secure Access Service The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 |
2014-09-29 | CVE-2014-3820 | Juniper | Cross-Site Scripting vulnerability in Juniper products Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-05 | CVE-2014-3400 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | 4.0 |
2014-10-02 | CVE-2014-6414 | Openstack Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-03 | CVE-2014-7217 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. | 3.5 |
2014-09-30 | CVE-2012-5502 | Plone | Cross-Site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-09-29 | CVE-2013-3065 | Linksys | Cross-Site Scripting vulnerability in Linksys Ea6500 and Ea6500 Firmware Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | 3.5 |
2014-10-02 | CVE-2014-7156 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | 3.3 |
2014-09-30 | CVE-2014-4330 | Perl Data Dumper Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. | 2.1 |
2014-09-29 | CVE-2012-6110 | Bcron Project | Permissions, Privileges, and Access Controls vulnerability in Bcron Project Bcron Exec bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor. | 2.1 |
2014-09-29 | CVE-2012-5619 | Sleuthkit | Improper Input Validation vulnerability in Sleuthkit the Sleuth KIT 4.0.1 The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . | 2.1 |