Weekly Vulnerabilities Reports > October 20 to 26, 2014

Overview

391 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 392 products from 319 vendors including Magzter, Pocketmags, IBM, Redhat, and Ireadercity. Vulnerabilities are notably categorized as "Cryptographic Issues", "Cross-site Scripting", "SQL Injection", "Information Exposure", and "Permissions, Privileges, and Access Controls".

  • 98 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities have a public exploit available.
  • 56 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 371 reported vulnerabilities are exploitable by an anonymous user.
  • Magzter has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Merethis has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-23 CVE-2014-3829 Merethis Code Injection vulnerability in Merethis Centreon and Centreon Enterprise Server

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

10.0
2014-10-23 CVE-2014-3828 Merethis SQL Injection vulnerability in Merethis Centreon and Centreon Enterprise Server

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.

10.0
2014-10-20 CVE-2014-8329 Schrack Improper Authentication vulnerability in Schrack products

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

10.0
2014-10-22 CVE-2014-6352 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-26 CVE-2013-1641 Quixplorer Path Traversal vulnerability in Quixplorer

Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a ..

7.8
2014-10-24 CVE-2014-8346 Samsung Code Injection vulnerability in Samsung Findmymobile and Mobile

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

7.8
2014-10-22 CVE-2014-8325 Calender Base Project Resource Management Errors vulnerability in Calender Base Project Calender Base

The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.

7.8
2014-10-26 CVE-2014-5520 Xrms CRM Project SQL Injection vulnerability in Xrms CRM Project Xrms CRM 1.99.2

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.

7.5
2014-10-26 CVE-2013-7408 F5 Cryptographic Issues vulnerability in F5 Big-Ip Analytics

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.

7.5
2014-10-26 CVE-2014-6037 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0

Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with ..

7.5
2014-10-25 CVE-2014-1927 Python Gnupg Project Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928.

7.5
2014-10-22 CVE-2014-3677 Redhat Unspecified vulnerability in Redhat Shim

Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

7.5
2014-10-22 CVE-2014-3676 Redhat Out-Of-Bounds Write vulnerability in Redhat Shim

Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

7.5
2014-10-21 CVE-2014-5006 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine Desktop Central

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a ..

7.5
2014-10-21 CVE-2014-5005 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine Desktop Central

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a ..

7.5
2014-10-21 CVE-2014-7140 Citrix Unspecified vulnerability in Citrix Netscaler Application Delivery Controller Firmware 10.0/10.1/10.5

Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2014-10-21 CVE-2013-7406 Mrbs Project SQL Injection vulnerability in Mrbs Project Mrbs 1.4.0/1.4.8

SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-10-20 CVE-2014-8366 Os4Ed SQL Injection vulnerability in Os4Ed Opensis 4.5/5.3

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.

7.5
2014-10-20 CVE-2014-8363 Wordpress Spreadsheet Project SQL Injection vulnerability in Wordpress Spreadsheet Project Wordpress Spreadsheet 0.62

SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

7.5
2014-10-20 CVE-2014-2081 III SQL Injection vulnerability in III Vtls-Virtua 2013.2.3/2014.1.0

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

7.5
2014-10-20 CVE-2012-5244 Bananadance SQL Injection vulnerability in Bananadance Banana Dance 0.9/1.5

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

7.5

348 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-23 CVE-2014-0619 Hamstersoft Local Security vulnerability in Hamstersoft Hamster Free ZIP Archiver 2.0.1.7

Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

6.9
2014-10-26 CVE-2014-2987 Egroupware Cross-Site Request Forgery (CSRF) vulnerability in Egroupware

Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php.

6.8
2014-10-25 CVE-2014-3137 Bottlepy Improper Input Validation vulnerability in Bottlepy Bottle

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

6.8
2014-10-25 CVE-2014-5075 Redhat, Igniterealtime Cryptographic Issues vulnerability in multiple products

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.8
2014-10-25 CVE-2014-3604 NOT YET Commons SSL Project Cryptographic Issues vulnerability in NOT YET Commons SSL Project NOT YET Commons SSL 0.3.14

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.8
2014-10-23 CVE-2014-8073 Openmrs Cross-Site Request Forgery (CSRF) vulnerability in Openmrs 2.1

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.

6.8
2014-10-23 CVE-2014-7281 Tenda Cross-Site Request Forgery (CSRF) vulnerability in Tenda A32 and A32 Firmware

Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

6.8
2014-10-22 CVE-2013-7407 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal Mrbs Module

Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-10-22 CVE-2014-4449 Apple Cryptographic Issues vulnerability in Apple Iphone OS

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8
2014-10-21 CVE-2012-5242 Bananadance Path Traversal vulnerability in Bananadance Banana Dance 0.9/1.5

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.8
2014-10-20 CVE-2014-3564 GNU, Canonical, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

6.8
2014-10-20 CVE-2014-8331 Huawei Cross-Site Request Forgery (CSRF) vulnerability in Huawei E3236 Firmware and E3276 Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions.

6.8
2014-10-20 CVE-2012-5695 Bulbsecurity Cross-Site Request Forgery (CSRF) vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2/0.1.3/0.1.4

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.

6.8
2014-10-20 CVE-2012-5694 Bulbsecurity SQL Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.

6.8
2014-10-20 CVE-2012-5701 Dotproject Cross-Site Request Forgery (CSRF) vulnerability in Dotproject 2.1.6

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php.

6.8
2014-10-26 CVE-2014-3520 Openstack Incorrect Authorization vulnerability in Openstack Keystone

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.

6.5
2014-10-21 CVE-2014-2531 Interworx SQL Injection vulnerability in Interworx web Control Panel

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.

6.5
2014-10-21 CVE-2014-8375 GB Plugins SQL Injection vulnerability in Gb-Plugins GB Gallery Slideshow 1.5

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.

6.5
2014-10-20 CVE-2014-5275 Prochatrooms SQL Injection vulnerability in Prochatrooms Text Chat Rooms 8.2.0

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.

6.5
2014-10-20 CVE-2014-3978 Tomatocart SQL Injection vulnerability in Tomatocart 1.1.8.6.1

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.

6.5
2014-10-20 CVE-2012-5865 Achievo SQL Injection vulnerability in Achievo 1.4.5

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.

6.5
2014-10-25 CVE-2014-3409 Cisco Resource Management Errors vulnerability in Cisco IOS XE

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

6.1
2014-10-25 CVE-2014-6251 Cpuminer Project Buffer Errors vulnerability in Cpuminer Project Cpuminer 2.4.0

Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

6.0
2014-10-23 CVE-2014-7292 Newtelligence Open Redirection vulnerability in Newtelligence Dasblog 2.1/2.2/2.3

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

5.8
2014-10-23 CVE-2014-2230 Openx Open Redirection vulnerability in OpenX

Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

5.8
2014-10-21 CVE-2014-7804 Apptreestudios Cryptographic Issues vulnerability in Apptreestudios Gangsta Auto Thief III 1.1

The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7803 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Woodward Bail 1.1

The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7802 Appa Apps Cryptographic Issues vulnerability in Appa-Apps TOP Roller Coasters Europe 2 @7F050001

The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7800 Daily Green Project Cryptographic Issues vulnerability in Daily Green Project Daily Green 2014.07

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7799 Squishy Birds Project Cryptographic Issues vulnerability in Squishy Birds Project Squishy Birds 1.0.1

The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7798 Enyetech Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Brasil 2.0.41709

The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7797 Gotobestofprice Cryptographic Issues vulnerability in Gotobestofprice Thai Food 1

The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7796 Nobexrc Cryptographic Issues vulnerability in Nobexrc House365 Radio 3.2.3

The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7795 ITP Cryptographic Issues vulnerability in ITP Harpers Bazaar ART @7F080181

The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7794 Narr8 Cryptographic Issues vulnerability in Narr8 Knights of the Void 2.1.7

The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7793 CB Calciatori Brutti Project Cryptographic Issues vulnerability in CB - Calciatori Brutti Project CB - Calciatori Brutti 1

The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7791 Appsgeyser Cryptographic Issues vulnerability in Appsgeyser Backyard Wrestling 0.1

The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7789 Zillionmuslims Cryptographic Issues vulnerability in Zillionmuslims Zillion Muslims 1.1

The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7788 Best Free Giveaways Project Cryptographic Issues vulnerability in Best Free Giveaways Project Best Free Giveaways 0.1

The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7787 Synapse Cryptographic Issues vulnerability in Synapse Ishuttle 1

The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7786 Magzter Cryptographic Issues vulnerability in Magzter English Football Magazine 3

The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7785 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Aaaa Discount Bail 1.1

The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7784 Magzter Cryptographic Issues vulnerability in Magzter Schon! Magazine 3

The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7783 Billgbennett Cryptographic Issues vulnerability in Billgbennett Bill G. Bennett 1

The Bill G.

5.4
2014-10-21 CVE-2014-7782 Macedonia Hacienda Hotel Project Cryptographic Issues vulnerability in Macedonia Hacienda Hotel Project Macedonia Hacienda Hotel 1.0

The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7781 Fallacystudios Cryptographic Issues vulnerability in Fallacystudios Marijuana Handbook Lite - Weed 3.2

The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7780 Ienvisage Cryptographic Issues vulnerability in Ienvisage Pakistan Cricket News 1.21.38.6504

The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7779 Kuran IN Bilimsel Mucizeleri Project Cryptographic Issues vulnerability in Kuran'In Bilimsel Mucizeleri Project Kuran'In Bilimsel Mucizeleri 0.1

The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7778 Magzter Cryptographic Issues vulnerability in Magzter EPC World 3.1

The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7777 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Slingshot Forum 3.9.14

The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7776 Snaplion Cryptographic Issues vulnerability in Snaplion Kavita KS 2.4

The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7775 Magzter Cryptographic Issues vulnerability in Magzter Champak - Hindi 3.0.1

The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7774 Herbs Flowers Dictionary Project Cryptographic Issues vulnerability in Herbs & Flowers Dictionary Project Herbs & Flowers Dictionary 0.1

The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7773 Appstronautme Cryptographic Issues vulnerability in Appstronautme Cleveland Football Stream 2.1.0

The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7772 MB Tickets Project Cryptographic Issues vulnerability in MB Tickets Project MB Tickets 3.0.1

The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7771 Worldtamilbayan Cryptographic Issues vulnerability in Worldtamilbayan World Tamil Bayan 0.1

The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7770 Mediaonlinecenter Cryptographic Issues vulnerability in Mediaonlinecenter Lagu POP Indonesia 2

The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7769 Mibizapps Cryptographic Issues vulnerability in Mibizapps Accurate Lending 1.0021.B0021

The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7768 Analects OF Confucius Project Cryptographic Issues vulnerability in Analects of Confucius Project Analects of Confucius 8

The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7767 Yunlai Cryptographic Issues vulnerability in Yunlai A+ 1.0.1

The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7766 7 Habits Personal Development Project Cryptographic Issues vulnerability in 7 Habits Personal Development Project 7 Habits Personal Development 1

The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7765 Tinytap Cryptographic Issues vulnerability in Tinytap Hundred Thousands KID Book 1.6.3

The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7764 Semper Invicta Fitness Project Cryptographic Issues vulnerability in Semper Invicta Fitness Project Semper Invicta Fitness 1.1

The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7763 Mirucho Cryptographic Issues vulnerability in Mirucho Listen Up! Mirucho 1.1.8

The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7762 Bite IT Project Cryptographic Issues vulnerability in Bite It! Project Bite It! 1.1.8

The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7761 Sincerely Cryptographic Issues vulnerability in Sincerely INK Cards 2.0.4

The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7760 GOO Cryptographic Issues vulnerability in GOO Health Assistance Service 2.4.1

The Health assistance service (aka net.nttcloud.ft.karada) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7759 Nobexrc Cryptographic Issues vulnerability in Nobexrc Jazz Lovers Radio 3.2.3

The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7758 Andsocialrew Cryptographic Issues vulnerability in Andsocialrew Amkamal Science Portfolio 0.1

The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7757 Awful Ninja Game Project Cryptographic Issues vulnerability in Awful Ninja Game Project Awful Ninja Game 1.0.23

The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7756 Radiohead FAN Project Cryptographic Issues vulnerability in Radiohead FAN Project Radiohead FAN 4.6.2

The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7755 Etopuponline Cryptographic Issues vulnerability in Etopuponline 3.4.9

The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7754 Appsworld Cryptographic Issues vulnerability in Appsworld Condor S.E. 1.399

The Condor S.E.

5.4
2014-10-21 CVE-2014-7753 CIR Cryptographic Issues vulnerability in CIR Circa News 2.1.3

The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7752 Nasioc Cryptographic Issues vulnerability in Nasioc 3.8.0

The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7751 Fotoschilenas Cryptographic Issues vulnerability in Fotoschilenas Recetas DE Tragos 0.1

The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7750 Pocketmags Cryptographic Issues vulnerability in Pocketmags Taster Magazine @7F080183

The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7749 Intsig Cryptographic Issues vulnerability in Intsig Camdictionary 2.3.0.20131118

The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7748 Garip VE Ilginc Olaylar Project Cryptographic Issues vulnerability in Garip VE Ilginc Olaylar Project Garip VE Ilginc Olaylar 0.1

The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7746 Pocketmags Cryptographic Issues vulnerability in Pocketmags Fusion Flowers - Weddings @7F0801Aa

The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7745 133 Cryptographic Issues vulnerability in 133 Flight Manager 4

The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7744 Musulmanin Cryptographic Issues vulnerability in Musulmanin Musulmanin.Com 0.1

The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7743 Humor Ironias Y Realidades Project Cryptographic Issues vulnerability in Humor Ironias Y Realidades Project Humor Ironias Y Realidades 0.63.13371.13576

The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7742 Informaciondelvaticano Cryptographic Issues vulnerability in Informaciondelvaticano Noticias DEL Vaticano 0.1

The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7741 Almasiapps Cryptographic Issues vulnerability in Almasiapps Healing Bookstore 0.1

The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7740 Pocketmags Cryptographic Issues vulnerability in Pocketmags Pony Magazine @7F080193

The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7739 Deceiver Cryptographic Issues vulnerability in Deceiver Anahi A Adopter FR 0.1

The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7737 Fmac Cryptographic Issues vulnerability in Fmac : Federation Culinaire 1

The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7735 2RV Cryptographic Issues vulnerability in 2RV DR. Sheikh Adnan Ibrahim 1

The Dr.

5.4
2014-10-21 CVE-2014-7734 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Reds Anytime Bail 1.1

The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7733 Magzter Cryptographic Issues vulnerability in Magzter Karaf Magazin 3

The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7731 Radio DE LA Cato Project Cryptographic Issues vulnerability in Radio DE LA Cato Project Radio DE LA Cato 2.0

The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7728 Civitasmedia Cryptographic Issues vulnerability in Civitasmedia Logan Banner 1.0010.B0010

The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7727 GOO Cryptographic Issues vulnerability in GOO DJ Brad H 0.9

The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7726 Golosinassimpson Cryptographic Issues vulnerability in Golosinassimpson Golosinas Simpson1 0.1

The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7725 ISS Cryptographic Issues vulnerability in ISS Rally Albania Live 2014 0.11

The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7724 Chemssou Blink Project Cryptographic Issues vulnerability in Chemssou Blink Project Chemssou Blink 1

The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7723 CMU Cryptographic Issues vulnerability in CMU Carnegie Mellon Silicon Valley 0.1

The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7722 Magzter Cryptographic Issues vulnerability in Magzter Indian Jeweller 3

The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7721 Flexymind Cryptographic Issues vulnerability in Flexymind President Clicker 1.0.4

The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7720 Pacificmags Cryptographic Issues vulnerability in Pacificmags Better Homes and Gardens AUS @7F0801B2

The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application @7F0801B2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7719 Mobile Cryptographic Issues vulnerability in Mobile Baseball Manager K 1.13

The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7718 Magzter Cryptographic Issues vulnerability in Magzter Travel+Leisure 3

The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7717 Userfriendlymedia Cryptographic Issues vulnerability in Userfriendlymedia Mills-Hazel Property Mgmt 3.0.0

The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7716 Nestler Cryptographic Issues vulnerability in Nestler Ultimate Christian Radios 1.0.1

The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7715 Innopage Cryptographic Issues vulnerability in Innopage Giga Hobby 1.0.6

The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7714 Ibon Cryptographic Issues vulnerability in Ibon 3.2.1

The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7713 Pocketmags Cryptographic Issues vulnerability in Pocketmags Skin&Ink Magazine @7F08017A

The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7712 Tiket Cryptographic Issues vulnerability in Tiket Tiket.Com Hotel & Flight 1.1.2

The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7710 Magzter Cryptographic Issues vulnerability in Magzter India Today Telugu 3.02

The India Today Telugu (aka com.magzter.indiatoday.telugu) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7708 Booksbyraven Cryptographic Issues vulnerability in Booksbyraven Raven - the Culture Lover 1.6

The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7707 Pocketmags Cryptographic Issues vulnerability in Pocketmags Outdoor Design and Living @7F080181

The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7705 Mbtcreations Cryptographic Issues vulnerability in Mbtcreations Atkins Diet Free Shopping List 1.1

The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7703 Pocketmags Cryptographic Issues vulnerability in Pocketmags Terrorizer Magazine @7F08017A

The Terrorizer Magazine (aka com.triactivemedia.terrorizer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7702 Ahtty Cryptographic Issues vulnerability in Ahtty 1.97.16

The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7701 Abine Cryptographic Issues vulnerability in Abine Donottrackme - Mobile Privacy 1.1.8

The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7700 Chillingo Cryptographic Issues vulnerability in Chillingo Flying FOX 1.0.0

The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7698 Xinhua News Cryptographic Issues vulnerability in Xinhua-News Xinhua International 5.5.0

The Xinhua International (aka org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7697 Endulujans Cryptographic Issues vulnerability in Endulujans Eyvah! Bosandim Ozgurum 0.1

The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7696 Magzter Cryptographic Issues vulnerability in Magzter Halftime Magazine 3

The Halftime Magazine (aka com.magzter.halftimemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7695 Easaa Cryptographic Issues vulnerability in Easaa Baoneng 1

The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7694 Fastappz Cryptographic Issues vulnerability in Fastappz Corvette Museum 1.399

The Corvette Museum (aka com.app_corvettemuseum.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7693 Jusapp Cryptographic Issues vulnerability in Jusapp Jusapp! 3.7.5

The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7692 Rowlandsolutions Cryptographic Issues vulnerability in Rowlandsolutions Lent Experience 0.1

The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7691 Life Story OF Sheikh Mujib Project Cryptographic Issues vulnerability in Life Story of Sheikh Mujib Project Life Story of Sheikh Mujib 0.1

The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7690 Myfone Cryptographic Issues vulnerability in Myfone Shopping 2.1.01.00.040

The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7689 Longluntan Cryptographic Issues vulnerability in Longluntan Gzonerc - the RC Hobby HUB 0.1

The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7688 Home Improvement Project Cryptographic Issues vulnerability in Home Improvement Project Home Improvement 0.1

The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7686 Chamberme Cryptographic Issues vulnerability in Chamberme SO. CO. Business Partnership 3.2

The So.

5.4
2014-10-21 CVE-2014-7685 Razerzone Cryptographic Issues vulnerability in Razerzone Razer Comms - Gaming Messenger 1.3.07

The Razer Comms - Gaming Messenger (aka com.razerzone.comms) application 1.3.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7683 Booksellerscanada Cryptographic Issues vulnerability in Booksellerscanada Free Canadian Author Previews 1.0.0

The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7682 Magzter Cryptographic Issues vulnerability in Magzter Gr8! TV 3

The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7681 Core Apps Cryptographic Issues vulnerability in Core-Apps VMWare Vforums 2014 6.0.9.4

The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application 6.0.9.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7677 Scudetto Project Cryptographic Issues vulnerability in Scudetto Project Scudetto 2.7

The Scudetto (aka com.scudetto) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7676 Home Made AIR Freshener Project Cryptographic Issues vulnerability in Home Made AIR Freshener Project Home Made AIR Freshener 1.1

The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7674 Ticketone Cryptographic Issues vulnerability in Ticketone Ticketone.It 2.2

The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7671 Tekno Apsis Project Cryptographic Issues vulnerability in Tekno Apsis Project Tekno Apsis 2.4

The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7670 Alawar Cryptographic Issues vulnerability in Alawar Motor Town: Machine Soul Free 1.1

The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7668 Inzeratyzdarma Cryptographic Issues vulnerability in Inzeratyzdarma ADS Free. CZ Advert 1.4

The Ads Free.

5.4
2014-10-21 CVE-2014-7667 Enyetech Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Honduras 2.0.41725

The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7666 Pocketmags Cryptographic Issues vulnerability in Pocketmags American Waterfowler @7F0801Aa

The American Waterfowler (aka com.magazinecloner.americanwaterfowler) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7664 Bilingual Magic Ball Relajo Project Cryptographic Issues vulnerability in Bilingual Magic Ball Relajo Project Bilingual Magic Ball Relajo 0.1

The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7663 GO Nitty Gritty Cryptographic Issues vulnerability in Go-Nitty-Gritty Right TO the Nitty Gritty 0.1

The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7661 Masquito2013 Cryptographic Issues vulnerability in Masquito2013 Masquito Blogger 0.1

The Masquito Blogger (aka com.wmasquito) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7660 Magzter Cryptographic Issues vulnerability in Magzter Gent Magazine 3

The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7659 Expeditersonline Cryptographic Issues vulnerability in Expeditersonline Expeditersonline.Com Forum 3.7.13

The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7656 Magzter Cryptographic Issues vulnerability in Magzter Indian Management 3

The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7655 Verkehrsmuseum Dresden Cryptographic Issues vulnerability in Verkehrsmuseum-Dresden Dresden Transport Museum 2.2

The Dresden Transport Museum (aka de.appack.project.vmd) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7652 Magicam Photo Magic Editor Project Cryptographic Issues vulnerability in Magicam Photo Magic Editor Project Magicam Photo Magic Editor 5

The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7650 Ashok88 Cryptographic Issues vulnerability in Ashok88 Jja- Juvenile Justice ACT 1986 1

The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7649 Pocketmags Cryptographic Issues vulnerability in Pocketmags Classic CAR Buyer @7F08017A

The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7648 IP Phone Smart Cryptographic Issues vulnerability in Ip-Phone-Smart Smartalk 1.1

The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7647 Mygoodhotels Cryptographic Issues vulnerability in Mygoodhotels Booking Discount 0.1

The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7646 Buzztouch Cryptographic Issues vulnerability in Buzztouch Emt-Paramedic Lite 0.1

The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7644 Doapps Cryptographic Issues vulnerability in Doapps GO MSX MLS 2.3.4.Mr3

The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application 2.3.4.MR3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7643 Crgroup LB Cryptographic Issues vulnerability in Crgroup-Lb C.R. Group 1

The C.R.

5.4
2014-10-21 CVE-2014-7642 Pegasus Airlines Project Cryptographic Issues vulnerability in Pegasus Airlines Project Pegasus Airlines 0.84.13503.96707

The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7640 Hotel Room Cryptographic Issues vulnerability in Hotel-Room Hotel Room 0.1

The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7638 Nobexrc Cryptographic Issues vulnerability in Nobexrc Fabuestereo 88.1 FM 3.2.3

The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7636 Unitedhawknation Cryptographic Issues vulnerability in Unitedhawknation United Hawk Nation 2.1

The United Hawk Nation (aka com.united12thman) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7634 Adopt O PET Project Cryptographic Issues vulnerability in Adopt O PET Project Adopt O PET 0.1

The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7633 Tappocket Cryptographic Issues vulnerability in Tappocket Dino ZOO 1.5

The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7632 News Revolution Bahrain Project Cryptographic Issues vulnerability in News Revolution - Bahrain Project News Revolution - Bahrain 3.2

The news revolution - bahrain (aka com.news.revolution.BH) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7631 Texasweddingmall Cryptographic Issues vulnerability in Texasweddingmall Villa Antonia 1

The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7630 Candycaneapps Cryptographic Issues vulnerability in Candycaneapps Fling Gold 1.1.3

The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7629 Dublabs Cryptographic Issues vulnerability in Dublabs Yulman Stadium 1.4.25

The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-7628 Priorswood Cryptographic Issues vulnerability in Priorswood Acorn Comms 3

The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4906 Playstudio Cryptographic Issues vulnerability in Playstudio Brisbane & Queensland Alert 2

The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4905 Cleaninternet Cryptographic Issues vulnerability in Cleaninternet Clean Internet Browser 1.36

The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4904 Crossmo Cryptographic Issues vulnerability in Crossmo Calendar 1.7.1

The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4903 Mocoga Cryptographic Issues vulnerability in Mocoga Kakao Bingo Garden 1.0.14

The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4901 Tradingandinvesting4U Cryptographic Issues vulnerability in Tradingandinvesting4U Bond Trading 197705

The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4900 MIG Cryptographic Issues vulnerability in MIG Migme 4.03.002

The migme (aka com.projectgoth) application 4.03.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4899 Magzter Cryptographic Issues vulnerability in Magzter Indian Cement Review 3.01

The Indian Cement Review (aka com.magzter.indiancementreview) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4898 Upasanhar Cryptographic Issues vulnerability in Upasanhar Harivijay 4

The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4897 Magzter Cryptographic Issues vulnerability in Magzter Touriosity Travelmag 3.1

The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4896 Mobileappspartner Cryptographic Issues vulnerability in Mobileappspartner Parque Imperial 1.02

The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4895 Herpin Time Radio Project Cryptographic Issues vulnerability in Herpin Time Radio Project Herpin Time Radio 2

The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4894 Mymetro Project Cryptographic Issues vulnerability in Mymetro Project Mymetro 2.4.7

The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4892 Ucontrol Cryptographic Issues vulnerability in Ucontrol Smart Home Automation 1.2

The uControl Smart Home Automation (aka de.ucontrol) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4891 Ctihub Cryptographic Issues vulnerability in Ctihub CT Ihub 1

The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4890 Magzter Cryptographic Issues vulnerability in Magzter Nano Digest 3

The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4889 Diabetic Diet Guide Project Cryptographic Issues vulnerability in Diabetic Diet Guide Project Diabetic Diet Guide 2.1

The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4888 Tequilagames Cryptographic Issues vulnerability in Tequilagames Battlefriends AT SEA Gold 1.1.0

The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4887 Nobexrc Cryptographic Issues vulnerability in Nobexrc Joint Radio Blues 3.2.3

The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4885 Closeprotectionworld Cryptographic Issues vulnerability in Closeprotectionworld Cpworld Close Protection World 3.4.4

The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-21 CVE-2014-4884 Conrad Hotel Project Cryptographic Issues vulnerability in Conrad Hotel Project Conrad Hotel 0.1

The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7626 Atme Cryptographic Issues vulnerability in Atme 1.0.10

The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7624 Aiadp Cryptographic Issues vulnerability in Aiadp Guess the Pixel Character Quiz 1.3

The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7622 Affinitycu Cryptographic Issues vulnerability in Affinitycu Affinity Mobile ATM Locator 1.5

The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7621 EIN Lookup Project Cryptographic Issues vulnerability in EIN Lookup Project EIN Lookup 1.1

The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7620 Authorsontourlive Cryptographic Issues vulnerability in Authorsontourlive Authors ON Tour - Live! 4

The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7618 Moderndecoration Cryptographic Issues vulnerability in Moderndecoration Interior Design 1

The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7617 Roads365 Cryptographic Issues vulnerability in Roads365 Www.Roads365.Com 1.0.1

The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7616 Physicsforums Cryptographic Issues vulnerability in Physicsforums Physics Forums 3.9.22

The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7614 Warrior Beach Retreat Project Cryptographic Issues vulnerability in Warrior Beach Retreat Project Warrior Beach Retreat 0.1

The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7613 Pocketmags Cryptographic Issues vulnerability in Pocketmags Wasps Official Programmes @7F080130

The WASPS Official Programmes (aka com.triactivemedia.wasps) application @7F080130 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7612 E Kiosk Cryptographic Issues vulnerability in E-Kiosk 1.74

The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7611 Lost Temple Project Cryptographic Issues vulnerability in Lost Temple Project Lost Temple 1.6

The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7610 Kadinlar Kulubu Kkmobileapp Project Cryptographic Issues vulnerability in Kadinlar Kulubu Kkmobileapp Project Kadinlar Kulubu Kkmobileapp 3.4.3

The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7609 Miniclip Cryptographic Issues vulnerability in Miniclip Istunt 2 1.1.2

The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7608 Carrierenterprise Cryptographic Issues vulnerability in Carrierenterprise Carrier Enterprise Hvac Assist 4

The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7607 Swamiji Cryptographic Issues vulnerability in Swamiji Swamiji.Tv 2

The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7606 Concursive Cryptographic Issues vulnerability in Concursive 2.1

The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7605 Actorskey Cryptographic Issues vulnerability in Actorskey Actors KEY 1.6.24.477

The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7604 Easy Tips FOR Glowing Skin Project Cryptographic Issues vulnerability in Easy Tips FOR Glowing Skin Project Easy Tips for Glowing Skin 1

The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7603 Graveydesign Cryptographic Issues vulnerability in Graveydesign Gravey Design 0.58.13357.54919

The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7602 Pocketmags Cryptographic Issues vulnerability in Pocketmags Front @7F08017A

The FRONT (aka com.magazinecloner.front) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7598 Poker Puzzle Project Cryptographic Issues vulnerability in Poker Puzzle Project Poker Puzzle 1.0.0

The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7597 Gowkster Cryptographic Issues vulnerability in Gowkster Fabulas Infantiles 3.0.0

The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7596 Paramore Project Cryptographic Issues vulnerability in Paramore Project Paramore 2.3.4

The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7595 Devada Project Cryptographic Issues vulnerability in Devada Project Devada 1.2

The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7593 Appytimes Cryptographic Issues vulnerability in Appytimes MR Whippet - Yorkshire ICE 1.1

The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7592 Fanshawec Cryptographic Issues vulnerability in Fanshawec FOL 3.0.729.1459

The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7591 Ireadercity Cryptographic Issues vulnerability in Ireadercity Demon 3.0.2

The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7590 Webpromoexperts Cryptographic Issues vulnerability in Webpromoexperts 1.8

The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7589 Icbc Cryptographic Issues vulnerability in Icbc Industrial and Commercial Bank of China 2.4

The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7587 Designtoolkits Cryptographic Issues vulnerability in Designtoolkits Blocked in Free 1

The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7585 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Biplane Forum 3.7.14

The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7584 Dataparadigm Cryptographic Issues vulnerability in Dataparadigm Acn2Go 1.7

The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7582 C2Ae Cryptographic Issues vulnerability in C2Ae Water Lateral Sizer 1.2

The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7581 Quotes OF Travis Barker Project Cryptographic Issues vulnerability in Quotes of Travis Barker Project Quotes of Travis Barker 0.0.1

The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7580 Thailand Investor News Project Cryptographic Issues vulnerability in Thailand Investor News Project Thailand Investor News 1.39S

The Thailand Investor News (aka nudecreative.thaistock.set) application 1.39s for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7578 Biebernoticias Cryptographic Issues vulnerability in Biebernoticias Bieber News NOW 12.0.5

The Bieber News Now (aka com.jbnews) application 12.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7577 Bandh Cryptographic Issues vulnerability in Bandh B&H Photo Video PRO Audio 2.5.1

The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7576 Phimviethoa Cryptographic Issues vulnerability in Phimviethoa Chien Binh Bakugan 2 Longtieng 2

The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7575 Ebiblio Cryptographic Issues vulnerability in Ebiblio Andalucia 1.6.5

The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7573 Harvestyourdata Cryptographic Issues vulnerability in Harvestyourdata Droid Survey Offline Forms 2.5.2

The droid Survey Offline Forms (aka com.contact.droidSURVEY) application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7572 Fallacystudios Cryptographic Issues vulnerability in Fallacystudios Stoner'S Handbook L- BUD Guide 7.2

The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7571 Grey S Anatomy FAN Project Cryptographic Issues vulnerability in Grey'S Anatomy FAN Project Grey'S Anatomy FAN 3.7.2

The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application 3.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7570 Fire Equipments Screen Lock Project Cryptographic Issues vulnerability in Fire Equipments Screen Lock Project Fire Equipments Screen Lock 1.1

The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7569 Bestapp Cryptographic Issues vulnerability in Bestapp Best Greatness Quotes 1

The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7568 Automon Cryptographic Issues vulnerability in Automon Marcus Butler Unofficial 1.4.0.6

The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7567 Webges Cryptographic Issues vulnerability in Webges Imig 2012 1.0.0

The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7566 Abtei Neuburg Cryptographic Issues vulnerability in Abtei-Neuburg Stift Neuburg 1.1

The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7565 GMT Editions Cryptographic Issues vulnerability in Gmt-Editions Rando Noeux 1.0.0

The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7564 Bookformobile Cryptographic Issues vulnerability in Bookformobile Simple CAR Care TIP and Advice 1.03

The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7563 Tacticalforcellc Cryptographic Issues vulnerability in Tacticalforcellc Tactical Force LLC 1.9.23.276

The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7562 Healthadvocate Cryptographic Issues vulnerability in Healthadvocate Health Advocate Smarthelp 3.6

The Health Advocate SmartHelp (aka com.healthadvocate.ui) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7560 Fabasoft Cryptographic Issues vulnerability in Fabasoft Cloud 3.0.1

The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7559 Instatalks Cryptographic Issues vulnerability in Instatalks 1.3.1

The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7558 Everest Poker Project Cryptographic Issues vulnerability in Everest Poker Project Everest Poker 0.1

The Everest Poker (aka com.wEverestPoker) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7557 Zroadster Cryptographic Issues vulnerability in Zroadster Zroadster.Com 2.4.13.17

The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7555 Apparound Cryptographic Issues vulnerability in Apparound Blend 4.9.0

The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7554 Bouqs Flowers Simplified Project Cryptographic Issues vulnerability in Bouqs - Flowers Simplified Project Bouqs - Flowers Simplified 1.8.4

The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7553 Getnycelightworks Cryptographic Issues vulnerability in Getnycelightworks GET Nyce Lightworks 0.84.13506.98953

The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.98953 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7552 129Zou Cryptographic Issues vulnerability in 129Zou Zombie Diary 1.2.2

The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7551 Avexim Cryptographic Issues vulnerability in Avexim Noticias Bebes Beybies 1

The Noticias Bebes Beybies (aka com.beybies) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7550 Basketball News Videos Project Cryptographic Issues vulnerability in Basketball News & Videos Project Basketball News & Videos 1

The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7547 Fpinternet Cryptographic Issues vulnerability in Fpinternet Texas Poker Unlimited Hold'Em 1.2.0

The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7546 Buddhist Prayer Project Cryptographic Issues vulnerability in Buddhist Prayer Project Buddhist Prayer 3

The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7544 Narr8 Cryptographic Issues vulnerability in Narr8 Secret City - Motion Comic 2.1.7

The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7543 Bloodjournal Cryptographic Issues vulnerability in Bloodjournal Blood 2.1

The Blood (aka com.sheridan.ash) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7542 Staperpetua Cryptographic Issues vulnerability in Staperpetua L'Informatiu 2

The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7539 Zhang Zhijun Taiwan Visit 2014 06 25 Project Cryptographic Issues vulnerability in Zhang Zhijun Taiwan Visit 2014-06-25 Project Zhang Zhijun Taiwan Visit 2014-06-25 1.0

The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7538 Headlines News India Project Cryptographic Issues vulnerability in Headlines News India Project Headlines News India 0.21.13219.95110

The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application 0.21.13219.95110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7536 Serviceacademyforums Cryptographic Issues vulnerability in Serviceacademyforums Service Academy Forums 3.6.12

The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application 3.6.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7535 Pocketmags Cryptographic Issues vulnerability in Pocketmags Classic Racer @7F0801Aa

The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7534 Buydot Cryptographic Issues vulnerability in Buydot Funny & Interesting Things 0.1

The Funny & Interesting Things (aka com.wFunnyandInterestingThings) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7533 Notredame Cryptographic Issues vulnerability in Notredame Seguradora 1.2

The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7532 Greenecosystem Cryptographic Issues vulnerability in Greenecosystem GES Agri Connect 0.1

The GES Agri Connect (aka com.wAgriConnect) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7530 Myapp Cryptographic Issues vulnerability in Myapp Prix Import 1

The PRIX IMPORT (aka com.myapphone.android.myapppriximport) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7529 Streamingidiot Cryptographic Issues vulnerability in Streamingidiot Bodyguard for Hire 0.18.13146.42280

The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7528 Apptive Cryptographic Issues vulnerability in Apptive Horsepower 2.10.11

The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7527 Savage Nation Mobile WEB Project Cryptographic Issues vulnerability in Savage Nation Mobile web Project Savage Nation Mobile web 0.57.13354.63350

The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57.13354.63350 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7526 Immunize Cryptographic Issues vulnerability in Immunize Canada 1.0.1

The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7525 Okacloud Cryptographic Issues vulnerability in Okacloud Domain Name Search & web Host 0.64.13398.55733

The Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7524 BED AND Breakfast Project Cryptographic Issues vulnerability in BED and Breakfast Project BED and Breakfast 0.1

The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7523 Islamicode Cryptographic Issues vulnerability in Islamicode Radio Bethlehem Rb2000 1

The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7522 Maccabi4U Cryptographic Issues vulnerability in Maccabi4U Maccabi Pakal 1.2

The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7521 Mobiloapps Cryptographic Issues vulnerability in Mobiloapps Anderson Musaamil 1.4

The Anderson Musaamil (aka com.app_andersonmusaamil.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7520 Nova921 Cryptographic Issues vulnerability in Nova921 Nova 92.1 FM 1

The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7519 Cyclingforfun Cryptographic Issues vulnerability in Cyclingforfun Cycling Manager Game CFF 1

The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7518 Core Apps Cryptographic Issues vulnerability in Core-Apps Bowl Expo 2014 6.1.1.5

The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application 6.1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7517 Myanmar Movies HD Project Cryptographic Issues vulnerability in Myanmar Movies HD Project Myanmar Movies HD 0.1

The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7516 Canadapps Cryptographic Issues vulnerability in Canadapps Central East Lhin News 0.1

The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7515 Onesolutionapps Cryptographic Issues vulnerability in Onesolutionapps Bail Bonds 1.1

The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7513 Appbelle Cryptographic Issues vulnerability in Appbelle TOP Hangover Cures 1.2

The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7510 Present Technologies Cryptographic Issues vulnerability in Present-Technologies Graffit IT 1.1.2

The Graffit It (aka com.presenttechnologies.graffitit) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7509 Ireadercity Cryptographic Issues vulnerability in Ireadercity A Very Short History of Japan 3.0.2

The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7508 Childrens Cryptographic Issues vulnerability in Childrens Help for DOC 1

The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7507 Androidcommunity Cryptographic Issues vulnerability in Androidcommunity Hector Leal 13.08.14

The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7506 Imapp Cryptographic Issues vulnerability in Imapp Realtime Music Rank 5.5

The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7505 Apptalk Project Cryptographic Issues vulnerability in Apptalk Project Apptalk 1.4.8

The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7502 Escucha Eldiario Project Cryptographic Issues vulnerability in Escucha Eldiario Project Escucha Eldiario 1.2.3

The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7501 Translation Widget Project Cryptographic Issues vulnerability in Translation Widget Project Translation Widget 0.1

The Translation Widget (aka com.wTranslationGadget) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7499 Ireadercity Cryptographic Issues vulnerability in Ireadercity Sword 3.0.2

The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7498 Xaos Cryptographic Issues vulnerability in Xaos Space Cinema 2.0.6

The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7497 Portfolium Project Cryptographic Issues vulnerability in Portfolium Project Portfolium 0.1

The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7495 Logosquest Beginnings Project Cryptographic Issues vulnerability in Logosquest - Beginnings Project Logosquest - Beginnings 1.0

The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7494 Getscoop Cryptographic Issues vulnerability in Getscoop Kontan Kiosk @7F07025E

The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application @7F07025E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7493 Ireadercity Cryptographic Issues vulnerability in Ireadercity 100 Books 3.0.2

The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7492 Tejonstore Cryptographic Issues vulnerability in Tejonstore Secretos DE Belleza 1

The Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7491 Ireadercity Cryptographic Issues vulnerability in Ireadercity Short Stories 3.0.2

The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7490 Magzter Cryptographic Issues vulnerability in Magzter Menaka - Marathi 3

The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7488 Highlighterstudio Cryptographic Issues vulnerability in Highlighterstudio Vineyard ALL in 0.1

The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7487 Pocketmags Cryptographic Issues vulnerability in Pocketmags ADT Aesthetic Dentistry Today @7F080181

The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7486 Mitsubishicars Cryptographic Issues vulnerability in Mitsubishicars Mitsubishi Road Assist 1

The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7485 Tinytap Cryptographic Issues vulnerability in Tinytap NOT Lost Just Somewhere Else 1.6.1

The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-20 CVE-2014-7484 Enyetech Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Guatemala 2.0.41725

The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-10-26 CVE-2013-6796 Deeproot Linux Permissions, Privileges, and Access Controls vulnerability in Deeproot Linux Deepofix

The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.

5.0
2014-10-26 CVE-2014-6099 IBM Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2/5.2.4

The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.

5.0
2014-10-25 CVE-2014-4624 Avamar Virtual Edition Permissions, Privileges, and Access Controls vulnerability in Avamar Virtual Edition products

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

5.0
2014-10-25 CVE-2014-8760 Process ONE Cryptographic Issues vulnerability in Process-One Ejabberd

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

5.0
2014-10-23 CVE-2014-4766 IBM Information Exposure vulnerability in IBM Classic Meeting Server

IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file.

5.0
2014-10-22 CVE-2014-8764 Mageia Project, Dokuwiki Improper Authentication vulnerability in multiple products

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

5.0
2014-10-22 CVE-2014-8763 Dokuwiki, Mageia Project Improper Authentication vulnerability in multiple products

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

5.0
2014-10-22 CVE-2014-8762 Dokuwiki Information Exposure vulnerability in Dokuwiki

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

5.0
2014-10-22 CVE-2014-8761 Dokuwiki Information Exposure vulnerability in Dokuwiki

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.

5.0
2014-10-22 CVE-2014-8088 Zend Improper Authentication vulnerability in Zend Framework

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

5.0
2014-10-22 CVE-2014-7968 Redhat Cryptographic Issues vulnerability in Redhat Virtual Desktop Service Manager

VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.

5.0
2014-10-22 CVE-2014-6387 Mantisbt Improper Authentication vulnerability in Mantisbt

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

5.0
2014-10-22 CVE-2014-3675 Redhat Out-Of-Bounds Read vulnerability in Redhat Shim

Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

5.0
2014-10-21 CVE-2014-4577 Websupporter Path Traversal vulnerability in Websupporter WP Amasin - the Amazon Affiliate Shop 0.9.6

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.

5.0
2014-10-21 CVE-2012-5243 Bananadance Permissions, Privileges, and Access Controls vulnerability in Bananadance Banana Dance 0.9/1.5

functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

5.0
2014-10-20 CVE-2012-5696 Bulbsecurity Permissions, Privileges, and Access Controls vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

5.0
2014-10-20 CVE-2014-5094 Status2K Information Exposure vulnerability in Status2K

Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.

5.0
2014-10-20 CVE-2014-6308 Osclass Path Traversal vulnerability in Osclass

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a ..

5.0
2014-10-24 CVE-2014-7298 Centrify Permissions, Privileges, and Access Controls vulnerability in Centrify Suite and Directcontrol

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

4.9
2014-10-26 CVE-2014-5148 XEN Buffer Errors vulnerability in XEN 4.4.0/4.4.1

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.

4.6
2014-10-25 CVE-2014-1928 Python Gnupg Project Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927.

4.6
2014-10-25 CVE-2014-7180 Electric Cloud Permissions, Privileges, and Access Controls vulnerability in Electric Cloud Electriccommander

Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

4.6
2014-10-20 CVE-2012-5697 Bulbsecurity Permissions, Privileges, and Access Controls vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.

4.6
2014-10-25 CVE-2014-1929 Python Gnupg Project Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5/0.3.6

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

4.4
2014-10-26 CVE-2014-6635 Exponentcms Cross-Site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php.

4.3
2014-10-25 CVE-2013-4594 Payment for Webform Project Improper Authentication vulnerability in Payment for Webform Project Payment for Webform

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

4.3
2014-10-25 CVE-2014-6611 Blackberry Improper Input Validation vulnerability in Blackberry OS and Blackberry World

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.

4.3
2014-10-25 CVE-2014-4623 EMC Cryptographic Issues vulnerability in EMC Avamar

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

4.3
2014-10-25 CVE-2014-6230 WP-Ban Project Improper Input Validation vulnerability in WP-Ban Project WP-Ban 1.6.3

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

4.3
2014-10-23 CVE-2014-8071 Openmrs Cross-Site Scripting vulnerability in Openmrs 2.1

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.

4.3
2014-10-22 CVE-2014-8381 Megapolis Cross-Site Scripting vulnerability in Megapolis Megapolis.Portal Manager

Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.

4.3
2014-10-22 CVE-2014-7183 Litecart Cross-Site Scripting vulnerability in Litecart

Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.

4.3
2014-10-22 CVE-2014-7182 Wpgmaps Cross-Site Scripting vulnerability in Wpgmaps Wordpress Google Maps Plugin

Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.

4.3
2014-10-21 CVE-2014-8380 Splunk Cross-Site Scripting vulnerability in Splunk 6.1.1

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response.

4.3
2014-10-21 CVE-2014-8377 Webasyst Cross-Site Scripting vulnerability in Webasyst Shop-Script 5.2.2.30933

Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.

4.3
2014-10-21 CVE-2014-7280 Tenable Cross-Site Scripting vulnerability in Tenable web UI 2.3.3

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.

4.3
2014-10-21 CVE-2014-4517 CBI Referral Manager Project Cross-Site Scripting vulnerability in CBI Referral Manager Project CBI Referral Manager 1.2.1

Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.

4.3
2014-10-21 CVE-2014-4514 Alipay Project Cross-Site Scripting vulnerability in Alipay Project Alipay 3.6.0

Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.

4.3
2014-10-21 CVE-2012-5702 Dotproject Cross-Site Scripting vulnerability in Dotproject 2.1.6

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php.

4.3
2014-10-20 CVE-2014-8365 Xornic Cross-Site Scripting vulnerability in Xornic Contact Us 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable.

4.3
2014-10-20 CVE-2014-3863 J Extensions Store Cross-Site Scripting vulnerability in J!Extensions Store Jchatsocial 2.2

Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.

4.3
2014-10-20 CVE-2014-8364 Tim Rohrer Cross-Site Scripting vulnerability in Tim Rohrer Wordpress Spreadsheet Plugin 0.62

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.

4.3
2014-10-20 CVE-2014-3830 Tomatocart Cross-Site Scripting vulnerability in Tomatocart 1.1.8.6.1

Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.

4.3
2014-10-20 CVE-2014-5098 Jamroom Cross-Site Scripting vulnerability in Jamroom Search Module

Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.

4.3
2014-10-20 CVE-2012-5866 Achievo Cross-Site Scripting vulnerability in Achievo 1.4.5

Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.

4.3
2014-10-20 CVE-2014-6280 Osclass Cross-Site Scripting vulnerability in Osclass

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.

4.3
2014-10-20 CVE-2012-2413 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

4.3
2014-10-23 CVE-2014-8072 Openmrs Permissions, Privileges, and Access Controls vulnerability in Openmrs 2.1

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.

4.0

22 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-10-25 CVE-2014-0476 Chkrootkit, Canonical Improper Input Validation vulnerability in multiple products

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable.

3.7
2014-10-25 CVE-2014-6152 IBM Cross-Site Scripting vulnerability in IBM Tivoli Integrated Portal 2.1/2.2

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-10-25 CVE-2014-6151 IBM Improper Input Validation vulnerability in IBM Tivoli Integrated Portal 2.1/2.2

CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

3.5
2014-10-25 CVE-2014-2021 Vbulletin Cross-Site Scripting vulnerability in Vbulletin

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

3.5
2014-10-21 CVE-2014-3111 Fogproject Cross-Site Scripting vulnerability in Fogproject FOG

Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.

3.5
2014-10-21 CVE-2014-8379 Marketo MA Project Cross-Site Scripting vulnerability in Marketo MA Project Marketo MA 7.X1.3

Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.

3.5
2014-10-21 CVE-2014-8378 Tablefield Project Cross-Site Scripting vulnerability in Tablefield Project Tablefield 7.X2.0/7.X2.1/7.X2.2

Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.

3.5
2014-10-21 CVE-2014-8376 Site Banner Project Cross-Site Scripting vulnerability in Site Banner Project Site Banner 7.X4.0

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.

3.5
2014-10-20 CVE-2014-5169 Date Project Cross-Site Scripting vulnerability in Date Project Date 7.X2.7

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

3.5
2014-10-20 CVE-2014-5026 Debian, Cacti, Opensuse Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.

3.5
2014-10-20 CVE-2014-5025 Debian, Opensuse, Cacti Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

3.5
2014-10-20 CVE-2014-8330 Espocrm Cross-Site Scripting vulnerability in Espocrm

Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account.

3.5
2014-10-20 CVE-2014-5276 Pro Chat Rooms Cross-Site Scripting vulnerability in Pro Chat Rooms Text Chat Rooms 8.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.

3.5
2014-10-26 CVE-2014-6133 IBM Information Disclosure vulnerability in IBM API Management 3.0.0.0/3.0.0.1

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.

2.1
2014-10-25 CVE-2014-4620 Meditech, EMC Information Exposure vulnerability in multiple products

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

2.1
2014-10-20 CVE-2014-5449 Zarafa Information Exposure vulnerability in Zarafa Webaccess and Webapp

Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

2.1
2014-10-20 CVE-2014-5448 Zarafa Information Exposure vulnerability in Zarafa 5.00

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.

2.1
2014-10-20 CVE-2014-5447 Zarafa Information Exposure vulnerability in Zarafa Webapp and Zarafa

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.

2.1
2014-10-25 CVE-2014-3636 D-Bus Project, Opensuse Resource Management Errors vulnerability in multiple products

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

1.9
2014-10-22 CVE-2014-4450 Apple Credentials Management vulnerability in Apple Iphone OS

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

1.9
2014-10-22 CVE-2014-4448 Apple Cryptographic Issues vulnerability in Apple Iphone OS

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

1.9
2014-10-26 CVE-2014-4812 IBM Information Exposure vulnerability in IBM Security Appscan Source

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.

1.8