Weekly Vulnerabilities Reports > October 20 to 26, 2014
Overview
385 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 385 products from 313 vendors including Magzter, Pocketmags, IBM, Redhat, and Ireadercity. Vulnerabilities are notably categorized as "Cryptographic Issues", "Cross-site Scripting", "SQL Injection", "Information Exposure", and "Permissions, Privileges, and Access Controls".
- 92 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities have a public exploit available.
- 54 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 367 reported vulnerabilities are exploitable by an anonymous user.
- Magzter has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Merethis has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-23 | CVE-2014-3829 | Merethis | Code Injection vulnerability in Merethis Centreon and Centreon Enterprise Server displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable. | 10.0 |
2014-10-23 | CVE-2014-3828 | Merethis | SQL Injection vulnerability in Merethis Centreon and Centreon Enterprise Server Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/. | 10.0 |
2014-10-20 | CVE-2014-8329 | Schrack | Improper Authentication vulnerability in Schrack products Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt. | 10.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-26 | CVE-2013-1641 | Quixplorer | Path Traversal vulnerability in Quixplorer Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. | 7.8 |
2014-10-24 | CVE-2014-8346 | Samsung | Code Injection vulnerability in Samsung Findmymobile and Mobile The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | 7.8 |
2014-10-22 | CVE-2014-8325 | Calender Base Project | Resource Management Errors vulnerability in Calender Base Project Calender Base The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library. | 7.8 |
2014-10-22 | CVE-2014-6352 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document. | 7.8 |
2014-10-26 | CVE-2014-5520 | Xrms CRM Project | SQL Injection vulnerability in Xrms CRM Project Xrms CRM 1.99.2 SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | 7.5 |
2014-10-26 | CVE-2013-7408 | F5 | Cryptographic Issues vulnerability in F5 Big-Ip Analytics F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | 7.5 |
2014-10-26 | CVE-2014-6037 | Zohocorp | Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0 Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. | 7.5 |
2014-10-25 | CVE-2014-1927 | Python Gnupg Project | Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5 The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. | 7.5 |
2014-10-22 | CVE-2014-3677 | Redhat | Unspecified vulnerability in Redhat Shim Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. | 7.5 |
2014-10-22 | CVE-2014-3676 | Redhat | Out-Of-Bounds Write vulnerability in Redhat Shim Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | 7.5 |
2014-10-21 | CVE-2014-5006 | Zohocorp | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. | 7.5 |
2014-10-21 | CVE-2014-5005 | Zohocorp | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. | 7.5 |
2014-10-21 | CVE-2014-7140 | Citrix | Unspecified vulnerability in Citrix Netscaler Application Delivery Controller Firmware 10.0/10.1/10.5 Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2014-10-21 | CVE-2013-7406 | Mrbs Project | SQL Injection vulnerability in Mrbs Project Mrbs 1.4.0/1.4.8 SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-10-20 | CVE-2014-8366 | Os4Ed | SQL Injection vulnerability in Os4Ed Opensis 4.5/5.3 SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | 7.5 |
2014-10-20 | CVE-2014-8363 | Wordpress Spreadsheet Project | SQL Injection vulnerability in Wordpress Spreadsheet Project Wordpress Spreadsheet 0.62 SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | 7.5 |
2014-10-20 | CVE-2014-2081 | III | SQL Injection vulnerability in III Vtls-Virtua 2013.2.3/2014.1.0 Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 7.5 |
2014-10-20 | CVE-2012-5244 | Bananadance | SQL Injection vulnerability in Bananadance Banana Dance 0.9/1.5 Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php. | 7.5 |
343 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-23 | CVE-2014-0619 | Hamstersoft | Local Security vulnerability in Hamstersoft Hamster Free ZIP Archiver 2.0.1.7 Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory. | 6.9 |
2014-10-26 | CVE-2014-2987 | Egroupware | Cross-Site Request Forgery (CSRF) vulnerability in Egroupware Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. | 6.8 |
2014-10-25 | CVE-2014-3137 | Bottlepy | Improper Input Validation vulnerability in Bottlepy Bottle Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. | 6.8 |
2014-10-25 | CVE-2014-5075 | Redhat Igniterealtime | Cryptographic Issues vulnerability in multiple products The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 6.8 |
2014-10-25 | CVE-2014-3604 | NOT YET Commons SSL Project | Cryptographic Issues vulnerability in NOT YET Commons SSL Project NOT YET Commons SSL 0.3.14 Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 6.8 |
2014-10-23 | CVE-2014-8073 | Openmrs | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs 2.1 Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form. | 6.8 |
2014-10-23 | CVE-2014-7281 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda A32 and A32 Firmware Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. | 6.8 |
2014-10-22 | CVE-2013-7407 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Mrbs Module Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-10-22 | CVE-2014-4449 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
2014-10-21 | CVE-2012-5242 | Bananadance | Path Traversal vulnerability in Bananadance Banana Dance 0.9/1.5 Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2014-10-20 | CVE-2014-8331 | Huawei | Cross-Site Request Forgery (CSRF) vulnerability in Huawei E3236 Firmware and E3276 Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | 6.8 |
2014-10-20 | CVE-2012-5695 | Bulbsecurity | Cross-Site Request Forgery (CSRF) vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2/0.1.3/0.1.4 Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message. | 6.8 |
2014-10-20 | CVE-2012-5694 | Bulbsecurity | SQL Injection vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2 Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/. | 6.8 |
2014-10-20 | CVE-2012-5701 | Dotproject | Cross-Site Request Forgery (CSRF) vulnerability in Dotproject 2.1.6 Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. | 6.8 |
2014-10-21 | CVE-2014-8375 | GB Plugins | SQL Injection vulnerability in Gb-Plugins GB Gallery Slideshow 1.5 SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php. | 6.5 |
2014-10-20 | CVE-2014-5275 | Prochatrooms | SQL Injection vulnerability in Prochatrooms Text Chat Rooms 8.2.0 Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter. | 6.5 |
2014-10-20 | CVE-2014-3978 | Tomatocart | SQL Injection vulnerability in Tomatocart 1.1.8.6.1 SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | 6.5 |
2014-10-20 | CVE-2012-5865 | Achievo | SQL Injection vulnerability in Achievo 1.4.5 SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | 6.5 |
2014-10-25 | CVE-2014-3409 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 6.1 |
2014-10-25 | CVE-2014-6251 | Cpuminer Project | Buffer Errors vulnerability in Cpuminer Project Cpuminer 2.4.0 Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. | 6.0 |
2014-10-23 | CVE-2014-7292 | Newtelligence | Open Redirection vulnerability in Newtelligence Dasblog 2.1/2.2/2.3 Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx. | 5.8 |
2014-10-23 | CVE-2014-2230 | Openx | Open Redirection vulnerability in OpenX Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php. | 5.8 |
2014-10-21 | CVE-2014-7804 | Apptreestudios | Cryptographic Issues vulnerability in Apptreestudios Gangsta Auto Thief III 1.1 The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7803 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Woodward Bail 1.1 The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7802 | Appa Apps | Cryptographic Issues vulnerability in Appa-Apps TOP Roller Coasters Europe 2 @7F050001 The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7800 | Daily Green Project | Cryptographic Issues vulnerability in Daily Green Project Daily Green 2014.07 The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7799 | Squishy Birds Project | Cryptographic Issues vulnerability in Squishy Birds Project Squishy Birds 1.0.1 The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7798 | Enyetech | Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Brasil 2.0.41709 The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7797 | Gotobestofprice | Cryptographic Issues vulnerability in Gotobestofprice Thai Food 1 The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7796 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc House365 Radio 3.2.3 The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7795 | ITP | Cryptographic Issues vulnerability in ITP Harpers Bazaar ART @7F080181 The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7794 | Narr8 | Cryptographic Issues vulnerability in Narr8 Knights of the Void 2.1.7 The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7793 | CB Calciatori Brutti Project | Cryptographic Issues vulnerability in CB - Calciatori Brutti Project CB - Calciatori Brutti 1 The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7791 | Appsgeyser | Cryptographic Issues vulnerability in Appsgeyser Backyard Wrestling 0.1 The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7789 | Zillionmuslims | Cryptographic Issues vulnerability in Zillionmuslims Zillion Muslims 1.1 The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7788 | Best Free Giveaways Project | Cryptographic Issues vulnerability in Best Free Giveaways Project Best Free Giveaways 0.1 The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7787 | Synapse | Cryptographic Issues vulnerability in Synapse Ishuttle 1 The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7786 | Magzter | Cryptographic Issues vulnerability in Magzter English Football Magazine 3 The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7785 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Aaaa Discount Bail 1.1 The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7784 | Magzter | Cryptographic Issues vulnerability in Magzter Schon! Magazine 3 The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7783 | Billgbennett | Cryptographic Issues vulnerability in Billgbennett Bill G. Bennett 1 The Bill G. | 5.4 |
2014-10-21 | CVE-2014-7782 | Macedonia Hacienda Hotel Project | Cryptographic Issues vulnerability in Macedonia Hacienda Hotel Project Macedonia Hacienda Hotel 1.0 The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7781 | Fallacystudios | Cryptographic Issues vulnerability in Fallacystudios Marijuana Handbook Lite - Weed 3.2 The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7780 | Ienvisage | Cryptographic Issues vulnerability in Ienvisage Pakistan Cricket News 1.21.38.6504 The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7779 | Kuran IN Bilimsel Mucizeleri Project | Cryptographic Issues vulnerability in Kuran'In Bilimsel Mucizeleri Project Kuran'In Bilimsel Mucizeleri 0.1 The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7778 | Magzter | Cryptographic Issues vulnerability in Magzter EPC World 3.1 The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7777 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Slingshot Forum 3.9.14 The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7776 | Snaplion | Cryptographic Issues vulnerability in Snaplion Kavita KS 2.4 The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7775 | Magzter | Cryptographic Issues vulnerability in Magzter Champak - Hindi 3.0.1 The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7774 | Herbs Flowers Dictionary Project | Cryptographic Issues vulnerability in Herbs & Flowers Dictionary Project Herbs & Flowers Dictionary 0.1 The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7773 | Appstronautme | Cryptographic Issues vulnerability in Appstronautme Cleveland Football Stream 2.1.0 The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7772 | MB Tickets Project | Cryptographic Issues vulnerability in MB Tickets Project MB Tickets 3.0.1 The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7771 | Worldtamilbayan | Cryptographic Issues vulnerability in Worldtamilbayan World Tamil Bayan 0.1 The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7770 | Mediaonlinecenter | Cryptographic Issues vulnerability in Mediaonlinecenter Lagu POP Indonesia 2 The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7769 | Mibizapps | Cryptographic Issues vulnerability in Mibizapps Accurate Lending 1.0021.B0021 The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7768 | Analects OF Confucius Project | Cryptographic Issues vulnerability in Analects of Confucius Project Analects of Confucius 8 The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7767 | Yunlai | Cryptographic Issues vulnerability in Yunlai A+ 1.0.1 The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7766 | 7 Habits Personal Development Project | Cryptographic Issues vulnerability in 7 Habits Personal Development Project 7 Habits Personal Development 1 The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7765 | Tinytap | Cryptographic Issues vulnerability in Tinytap Hundred Thousands KID Book 1.6.3 The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7764 | Semper Invicta Fitness Project | Cryptographic Issues vulnerability in Semper Invicta Fitness Project Semper Invicta Fitness 1.1 The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7763 | Mirucho | Cryptographic Issues vulnerability in Mirucho Listen Up! Mirucho 1.1.8 The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7762 | Bite IT Project | Cryptographic Issues vulnerability in Bite It! Project Bite It! 1.1.8 The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7761 | Sincerely | Cryptographic Issues vulnerability in Sincerely INK Cards 2.0.4 The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7760 | GOO | Cryptographic Issues vulnerability in GOO Health Assistance Service 2.4.1 The Health assistance service (aka net.nttcloud.ft.karada) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7759 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Jazz Lovers Radio 3.2.3 The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7758 | Andsocialrew | Cryptographic Issues vulnerability in Andsocialrew Amkamal Science Portfolio 0.1 The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7757 | Awful Ninja Game Project | Cryptographic Issues vulnerability in Awful Ninja Game Project Awful Ninja Game 1.0.23 The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7756 | Radiohead FAN Project | Cryptographic Issues vulnerability in Radiohead FAN Project Radiohead FAN 4.6.2 The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7755 | Etopuponline | Cryptographic Issues vulnerability in Etopuponline 3.4.9 The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7754 | Appsworld | Cryptographic Issues vulnerability in Appsworld Condor S.E. 1.399 The Condor S.E. | 5.4 |
2014-10-21 | CVE-2014-7753 | CIR | Cryptographic Issues vulnerability in CIR Circa News 2.1.3 The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7752 | Nasioc | Cryptographic Issues vulnerability in Nasioc 3.8.0 The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7751 | Fotoschilenas | Cryptographic Issues vulnerability in Fotoschilenas Recetas DE Tragos 0.1 The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7750 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Taster Magazine @7F080183 The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7749 | Intsig | Cryptographic Issues vulnerability in Intsig Camdictionary 2.3.0.20131118 The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7748 | Garip VE Ilginc Olaylar Project | Cryptographic Issues vulnerability in Garip VE Ilginc Olaylar Project Garip VE Ilginc Olaylar 0.1 The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7746 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Fusion Flowers - Weddings @7F0801Aa The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7745 | 133 | Cryptographic Issues vulnerability in 133 Flight Manager 4 The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7744 | Musulmanin | Cryptographic Issues vulnerability in Musulmanin Musulmanin.Com 0.1 The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7743 | Humor Ironias Y Realidades Project | Cryptographic Issues vulnerability in Humor Ironias Y Realidades Project Humor Ironias Y Realidades 0.63.13371.13576 The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7742 | Informaciondelvaticano | Cryptographic Issues vulnerability in Informaciondelvaticano Noticias DEL Vaticano 0.1 The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7741 | Almasiapps | Cryptographic Issues vulnerability in Almasiapps Healing Bookstore 0.1 The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7740 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Pony Magazine @7F080193 The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7739 | Deceiver | Cryptographic Issues vulnerability in Deceiver Anahi A Adopter FR 0.1 The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7737 | Fmac | Cryptographic Issues vulnerability in Fmac : Federation Culinaire 1 The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7735 | 2RV | Cryptographic Issues vulnerability in 2RV DR. Sheikh Adnan Ibrahim 1 The Dr. | 5.4 |
2014-10-21 | CVE-2014-7734 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Reds Anytime Bail 1.1 The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7733 | Magzter | Cryptographic Issues vulnerability in Magzter Karaf Magazin 3 The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7731 | Radio DE LA Cato Project | Cryptographic Issues vulnerability in Radio DE LA Cato Project Radio DE LA Cato 2.0 The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7728 | Civitasmedia | Cryptographic Issues vulnerability in Civitasmedia Logan Banner 1.0010.B0010 The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7727 | GOO | Cryptographic Issues vulnerability in GOO DJ Brad H 0.9 The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7726 | Golosinassimpson | Cryptographic Issues vulnerability in Golosinassimpson Golosinas Simpson1 0.1 The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7725 | ISS | Cryptographic Issues vulnerability in ISS Rally Albania Live 2014 0.11 The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7724 | Chemssou Blink Project | Cryptographic Issues vulnerability in Chemssou Blink Project Chemssou Blink 1 The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7723 | CMU | Cryptographic Issues vulnerability in CMU Carnegie Mellon Silicon Valley 0.1 The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7722 | Magzter | Cryptographic Issues vulnerability in Magzter Indian Jeweller 3 The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7721 | Flexymind | Cryptographic Issues vulnerability in Flexymind President Clicker 1.0.4 The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7720 | Pacificmags | Cryptographic Issues vulnerability in Pacificmags Better Homes and Gardens AUS @7F0801B2 The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application @7F0801B2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7719 | Mobile | Cryptographic Issues vulnerability in Mobile Baseball Manager K 1.13 The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7718 | Magzter | Cryptographic Issues vulnerability in Magzter Travel+Leisure 3 The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7717 | Userfriendlymedia | Cryptographic Issues vulnerability in Userfriendlymedia Mills-Hazel Property Mgmt 3.0.0 The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7716 | Nestler | Cryptographic Issues vulnerability in Nestler Ultimate Christian Radios 1.0.1 The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7715 | Innopage | Cryptographic Issues vulnerability in Innopage Giga Hobby 1.0.6 The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7714 | Ibon | Cryptographic Issues vulnerability in Ibon 3.2.1 The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7713 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Skin&Ink Magazine @7F08017A The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7712 | Tiket | Cryptographic Issues vulnerability in Tiket Tiket.Com Hotel & Flight 1.1.2 The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7710 | Magzter | Cryptographic Issues vulnerability in Magzter India Today Telugu 3.02 The India Today Telugu (aka com.magzter.indiatoday.telugu) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7708 | Booksbyraven | Cryptographic Issues vulnerability in Booksbyraven Raven - the Culture Lover 1.6 The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7707 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Outdoor Design and Living @7F080181 The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7705 | Mbtcreations | Cryptographic Issues vulnerability in Mbtcreations Atkins Diet Free Shopping List 1.1 The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7703 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Terrorizer Magazine @7F08017A The Terrorizer Magazine (aka com.triactivemedia.terrorizer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7702 | Ahtty | Cryptographic Issues vulnerability in Ahtty 1.97.16 The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7701 | Abine | Cryptographic Issues vulnerability in Abine Donottrackme - Mobile Privacy 1.1.8 The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7700 | Chillingo | Cryptographic Issues vulnerability in Chillingo Flying FOX 1.0.0 The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7698 | Xinhua News | Cryptographic Issues vulnerability in Xinhua-News Xinhua International 5.5.0 The Xinhua International (aka org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7697 | Endulujans | Cryptographic Issues vulnerability in Endulujans Eyvah! Bosandim Ozgurum 0.1 The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7696 | Magzter | Cryptographic Issues vulnerability in Magzter Halftime Magazine 3 The Halftime Magazine (aka com.magzter.halftimemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7695 | Easaa | Cryptographic Issues vulnerability in Easaa Baoneng 1 The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7694 | Fastappz | Cryptographic Issues vulnerability in Fastappz Corvette Museum 1.399 The Corvette Museum (aka com.app_corvettemuseum.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7693 | Jusapp | Cryptographic Issues vulnerability in Jusapp Jusapp! 3.7.5 The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7692 | Rowlandsolutions | Cryptographic Issues vulnerability in Rowlandsolutions Lent Experience 0.1 The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7691 | Life Story OF Sheikh Mujib Project | Cryptographic Issues vulnerability in Life Story of Sheikh Mujib Project Life Story of Sheikh Mujib 0.1 The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7690 | Myfone | Cryptographic Issues vulnerability in Myfone Shopping 2.1.01.00.040 The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7689 | Longluntan | Cryptographic Issues vulnerability in Longluntan Gzonerc - the RC Hobby HUB 0.1 The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7688 | Home Improvement Project | Cryptographic Issues vulnerability in Home Improvement Project Home Improvement 0.1 The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7686 | Chamberme | Cryptographic Issues vulnerability in Chamberme SO. CO. Business Partnership 3.2 The So. | 5.4 |
2014-10-21 | CVE-2014-7685 | Razerzone | Cryptographic Issues vulnerability in Razerzone Razer Comms - Gaming Messenger 1.3.07 The Razer Comms - Gaming Messenger (aka com.razerzone.comms) application 1.3.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7683 | Booksellerscanada | Cryptographic Issues vulnerability in Booksellerscanada Free Canadian Author Previews 1.0.0 The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7682 | Magzter | Cryptographic Issues vulnerability in Magzter Gr8! TV 3 The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7681 | Core Apps | Cryptographic Issues vulnerability in Core-Apps VMWare Vforums 2014 6.0.9.4 The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application 6.0.9.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7677 | Scudetto Project | Cryptographic Issues vulnerability in Scudetto Project Scudetto 2.7 The Scudetto (aka com.scudetto) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7676 | Home Made AIR Freshener Project | Cryptographic Issues vulnerability in Home Made AIR Freshener Project Home Made AIR Freshener 1.1 The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7674 | Ticketone | Cryptographic Issues vulnerability in Ticketone Ticketone.It 2.2 The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7671 | Tekno Apsis Project | Cryptographic Issues vulnerability in Tekno Apsis Project Tekno Apsis 2.4 The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7670 | Alawar | Cryptographic Issues vulnerability in Alawar Motor Town: Machine Soul Free 1.1 The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7668 | Inzeratyzdarma | Cryptographic Issues vulnerability in Inzeratyzdarma ADS Free. CZ Advert 1.4 The Ads Free. | 5.4 |
2014-10-21 | CVE-2014-7667 | Enyetech | Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Honduras 2.0.41725 The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7666 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags American Waterfowler @7F0801Aa The American Waterfowler (aka com.magazinecloner.americanwaterfowler) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7664 | Bilingual Magic Ball Relajo Project | Cryptographic Issues vulnerability in Bilingual Magic Ball Relajo Project Bilingual Magic Ball Relajo 0.1 The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7663 | GO Nitty Gritty | Cryptographic Issues vulnerability in Go-Nitty-Gritty Right TO the Nitty Gritty 0.1 The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7661 | Masquito2013 | Cryptographic Issues vulnerability in Masquito2013 Masquito Blogger 0.1 The Masquito Blogger (aka com.wmasquito) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7660 | Magzter | Cryptographic Issues vulnerability in Magzter Gent Magazine 3 The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7659 | Expeditersonline | Cryptographic Issues vulnerability in Expeditersonline Expeditersonline.Com Forum 3.7.13 The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7656 | Magzter | Cryptographic Issues vulnerability in Magzter Indian Management 3 The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7655 | Verkehrsmuseum Dresden | Cryptographic Issues vulnerability in Verkehrsmuseum-Dresden Dresden Transport Museum 2.2 The Dresden Transport Museum (aka de.appack.project.vmd) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7652 | Magicam Photo Magic Editor Project | Cryptographic Issues vulnerability in Magicam Photo Magic Editor Project Magicam Photo Magic Editor 5 The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7650 | Ashok88 | Cryptographic Issues vulnerability in Ashok88 Jja- Juvenile Justice ACT 1986 1 The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7649 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Classic CAR Buyer @7F08017A The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7648 | IP Phone Smart | Cryptographic Issues vulnerability in Ip-Phone-Smart Smartalk 1.1 The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7647 | Mygoodhotels | Cryptographic Issues vulnerability in Mygoodhotels Booking Discount 0.1 The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7646 | Buzztouch | Cryptographic Issues vulnerability in Buzztouch Emt-Paramedic Lite 0.1 The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7644 | Doapps | Cryptographic Issues vulnerability in Doapps GO MSX MLS 2.3.4.Mr3 The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application 2.3.4.MR3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7643 | Crgroup LB | Cryptographic Issues vulnerability in Crgroup-Lb C.R. Group 1 The C.R. | 5.4 |
2014-10-21 | CVE-2014-7642 | Pegasus Airlines Project | Cryptographic Issues vulnerability in Pegasus Airlines Project Pegasus Airlines 0.84.13503.96707 The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7640 | Hotel Room | Cryptographic Issues vulnerability in Hotel-Room Hotel Room 0.1 The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7638 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Fabuestereo 88.1 FM 3.2.3 The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7636 | Unitedhawknation | Cryptographic Issues vulnerability in Unitedhawknation United Hawk Nation 2.1 The United Hawk Nation (aka com.united12thman) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7634 | Adopt O PET Project | Cryptographic Issues vulnerability in Adopt O PET Project Adopt O PET 0.1 The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7633 | Tappocket | Cryptographic Issues vulnerability in Tappocket Dino ZOO 1.5 The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7632 | News Revolution Bahrain Project | Cryptographic Issues vulnerability in News Revolution - Bahrain Project News Revolution - Bahrain 3.2 The news revolution - bahrain (aka com.news.revolution.BH) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7631 | Texasweddingmall | Cryptographic Issues vulnerability in Texasweddingmall Villa Antonia 1 The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7630 | Candycaneapps | Cryptographic Issues vulnerability in Candycaneapps Fling Gold 1.1.3 The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7629 | Dublabs | Cryptographic Issues vulnerability in Dublabs Yulman Stadium 1.4.25 The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-7628 | Priorswood | Cryptographic Issues vulnerability in Priorswood Acorn Comms 3 The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4906 | Playstudio | Cryptographic Issues vulnerability in Playstudio Brisbane & Queensland Alert 2 The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4905 | Cleaninternet | Cryptographic Issues vulnerability in Cleaninternet Clean Internet Browser 1.36 The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4904 | Crossmo | Cryptographic Issues vulnerability in Crossmo Calendar 1.7.1 The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4903 | Mocoga | Cryptographic Issues vulnerability in Mocoga Kakao Bingo Garden 1.0.14 The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4901 | Tradingandinvesting4U | Cryptographic Issues vulnerability in Tradingandinvesting4U Bond Trading 197705 The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4900 | MIG | Cryptographic Issues vulnerability in MIG Migme 4.03.002 The migme (aka com.projectgoth) application 4.03.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4899 | Magzter | Cryptographic Issues vulnerability in Magzter Indian Cement Review 3.01 The Indian Cement Review (aka com.magzter.indiancementreview) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4898 | Upasanhar | Cryptographic Issues vulnerability in Upasanhar Harivijay 4 The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4897 | Magzter | Cryptographic Issues vulnerability in Magzter Touriosity Travelmag 3.1 The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4896 | Mobileappspartner | Cryptographic Issues vulnerability in Mobileappspartner Parque Imperial 1.02 The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4895 | Herpin Time Radio Project | Cryptographic Issues vulnerability in Herpin Time Radio Project Herpin Time Radio 2 The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4894 | Mymetro Project | Cryptographic Issues vulnerability in Mymetro Project Mymetro 2.4.7 The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4892 | Ucontrol | Cryptographic Issues vulnerability in Ucontrol Smart Home Automation 1.2 The uControl Smart Home Automation (aka de.ucontrol) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4891 | Ctihub | Cryptographic Issues vulnerability in Ctihub CT Ihub 1 The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4890 | Magzter | Cryptographic Issues vulnerability in Magzter Nano Digest 3 The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4889 | Diabetic Diet Guide Project | Cryptographic Issues vulnerability in Diabetic Diet Guide Project Diabetic Diet Guide 2.1 The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4888 | Tequilagames | Cryptographic Issues vulnerability in Tequilagames Battlefriends AT SEA Gold 1.1.0 The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4887 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc Joint Radio Blues 3.2.3 The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4885 | Closeprotectionworld | Cryptographic Issues vulnerability in Closeprotectionworld Cpworld Close Protection World 3.4.4 The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-21 | CVE-2014-4884 | Conrad Hotel Project | Cryptographic Issues vulnerability in Conrad Hotel Project Conrad Hotel 0.1 The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7626 | Atme | Cryptographic Issues vulnerability in Atme 1.0.10 The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7624 | Aiadp | Cryptographic Issues vulnerability in Aiadp Guess the Pixel Character Quiz 1.3 The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7622 | Affinitycu | Cryptographic Issues vulnerability in Affinitycu Affinity Mobile ATM Locator 1.5 The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7621 | EIN Lookup Project | Cryptographic Issues vulnerability in EIN Lookup Project EIN Lookup 1.1 The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7620 | Authorsontourlive | Cryptographic Issues vulnerability in Authorsontourlive Authors ON Tour - Live! 4 The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7618 | Moderndecoration | Cryptographic Issues vulnerability in Moderndecoration Interior Design 1 The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7617 | Roads365 | Cryptographic Issues vulnerability in Roads365 Www.Roads365.Com 1.0.1 The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7616 | Physicsforums | Cryptographic Issues vulnerability in Physicsforums Physics Forums 3.9.22 The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7614 | Warrior Beach Retreat Project | Cryptographic Issues vulnerability in Warrior Beach Retreat Project Warrior Beach Retreat 0.1 The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7613 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Wasps Official Programmes @7F080130 The WASPS Official Programmes (aka com.triactivemedia.wasps) application @7F080130 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7612 | E Kiosk | Cryptographic Issues vulnerability in E-Kiosk 1.74 The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7611 | Lost Temple Project | Cryptographic Issues vulnerability in Lost Temple Project Lost Temple 1.6 The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7610 | Kadinlar Kulubu Kkmobileapp Project | Cryptographic Issues vulnerability in Kadinlar Kulubu Kkmobileapp Project Kadinlar Kulubu Kkmobileapp 3.4.3 The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7609 | Miniclip | Cryptographic Issues vulnerability in Miniclip Istunt 2 1.1.2 The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7608 | Carrierenterprise | Cryptographic Issues vulnerability in Carrierenterprise Carrier Enterprise Hvac Assist 4 The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7607 | Swamiji | Cryptographic Issues vulnerability in Swamiji Swamiji.Tv 2 The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7606 | Concursive | Cryptographic Issues vulnerability in Concursive 2.1 The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7605 | Actorskey | Cryptographic Issues vulnerability in Actorskey Actors KEY 1.6.24.477 The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7604 | Easy Tips FOR Glowing Skin Project | Cryptographic Issues vulnerability in Easy Tips FOR Glowing Skin Project Easy Tips for Glowing Skin 1 The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7603 | Graveydesign | Cryptographic Issues vulnerability in Graveydesign Gravey Design 0.58.13357.54919 The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7602 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Front @7F08017A The FRONT (aka com.magazinecloner.front) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7598 | Poker Puzzle Project | Cryptographic Issues vulnerability in Poker Puzzle Project Poker Puzzle 1.0.0 The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7597 | Gowkster | Cryptographic Issues vulnerability in Gowkster Fabulas Infantiles 3.0.0 The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7596 | Paramore Project | Cryptographic Issues vulnerability in Paramore Project Paramore 2.3.4 The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7595 | Devada Project | Cryptographic Issues vulnerability in Devada Project Devada 1.2 The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7593 | Appytimes | Cryptographic Issues vulnerability in Appytimes MR Whippet - Yorkshire ICE 1.1 The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7592 | Fanshawec | Cryptographic Issues vulnerability in Fanshawec FOL 3.0.729.1459 The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7591 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity Demon 3.0.2 The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7590 | Webpromoexperts | Cryptographic Issues vulnerability in Webpromoexperts 1.8 The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7589 | Icbc | Cryptographic Issues vulnerability in Icbc Industrial and Commercial Bank of China 2.4 The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7587 | Designtoolkits | Cryptographic Issues vulnerability in Designtoolkits Blocked in Free 1 The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7585 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Biplane Forum 3.7.14 The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7584 | Dataparadigm | Cryptographic Issues vulnerability in Dataparadigm Acn2Go 1.7 The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7582 | C2Ae | Cryptographic Issues vulnerability in C2Ae Water Lateral Sizer 1.2 The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7581 | Quotes OF Travis Barker Project | Cryptographic Issues vulnerability in Quotes of Travis Barker Project Quotes of Travis Barker 0.0.1 The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7580 | Thailand Investor News Project | Cryptographic Issues vulnerability in Thailand Investor News Project Thailand Investor News 1.39S The Thailand Investor News (aka nudecreative.thaistock.set) application 1.39s for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7578 | Biebernoticias | Cryptographic Issues vulnerability in Biebernoticias Bieber News NOW 12.0.5 The Bieber News Now (aka com.jbnews) application 12.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7577 | Bandh | Cryptographic Issues vulnerability in Bandh B&H Photo Video PRO Audio 2.5.1 The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7576 | Phimviethoa | Cryptographic Issues vulnerability in Phimviethoa Chien Binh Bakugan 2 Longtieng 2 The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7575 | Ebiblio | Cryptographic Issues vulnerability in Ebiblio Andalucia 1.6.5 The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7573 | Harvestyourdata | Cryptographic Issues vulnerability in Harvestyourdata Droid Survey Offline Forms 2.5.2 The droid Survey Offline Forms (aka com.contact.droidSURVEY) application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7572 | Fallacystudios | Cryptographic Issues vulnerability in Fallacystudios Stoner's Handbook L- BUD Guide 7.2 The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7571 | Grey S Anatomy FAN Project | Cryptographic Issues vulnerability in Grey's Anatomy FAN Project Grey's Anatomy FAN 3.7.2 The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application 3.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7570 | Fire Equipments Screen Lock Project | Cryptographic Issues vulnerability in Fire Equipments Screen Lock Project Fire Equipments Screen Lock 1.1 The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7569 | Bestapp | Cryptographic Issues vulnerability in Bestapp Best Greatness Quotes 1 The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7568 | Automon | Cryptographic Issues vulnerability in Automon Marcus Butler Unofficial 1.4.0.6 The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7567 | Webges | Cryptographic Issues vulnerability in Webges Imig 2012 1.0.0 The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7566 | Abtei Neuburg | Cryptographic Issues vulnerability in Abtei-Neuburg Stift Neuburg 1.1 The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7565 | GMT Editions | Cryptographic Issues vulnerability in Gmt-Editions Rando Noeux 1.0.0 The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7564 | Bookformobile | Cryptographic Issues vulnerability in Bookformobile Simple CAR Care TIP and Advice 1.03 The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7563 | Tacticalforcellc | Cryptographic Issues vulnerability in Tacticalforcellc Tactical Force LLC 1.9.23.276 The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7562 | Healthadvocate | Cryptographic Issues vulnerability in Healthadvocate Health Advocate Smarthelp 3.6 The Health Advocate SmartHelp (aka com.healthadvocate.ui) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7560 | Fabasoft | Cryptographic Issues vulnerability in Fabasoft Cloud 3.0.1 The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7559 | Instatalks | Cryptographic Issues vulnerability in Instatalks 1.3.1 The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7558 | Everest Poker Project | Cryptographic Issues vulnerability in Everest Poker Project Everest Poker 0.1 The Everest Poker (aka com.wEverestPoker) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7557 | Zroadster | Cryptographic Issues vulnerability in Zroadster Zroadster.Com 2.4.13.17 The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7555 | Apparound | Cryptographic Issues vulnerability in Apparound Blend 4.9.0 The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7554 | Bouqs Flowers Simplified Project | Cryptographic Issues vulnerability in Bouqs - Flowers Simplified Project Bouqs - Flowers Simplified 1.8.4 The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7553 | Getnycelightworks | Cryptographic Issues vulnerability in Getnycelightworks GET Nyce Lightworks 0.84.13506.98953 The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.98953 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7552 | 129Zou | Cryptographic Issues vulnerability in 129Zou Zombie Diary 1.2.2 The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7551 | Avexim | Cryptographic Issues vulnerability in Avexim Noticias Bebes Beybies 1 The Noticias Bebes Beybies (aka com.beybies) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7550 | Basketball News Videos Project | Cryptographic Issues vulnerability in Basketball News & Videos Project Basketball News & Videos 1 The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7547 | Fpinternet | Cryptographic Issues vulnerability in Fpinternet Texas Poker Unlimited Hold'Em 1.2.0 The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7546 | Buddhist Prayer Project | Cryptographic Issues vulnerability in Buddhist Prayer Project Buddhist Prayer 3 The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7544 | Narr8 | Cryptographic Issues vulnerability in Narr8 Secret City - Motion Comic 2.1.7 The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7543 | Bloodjournal | Cryptographic Issues vulnerability in Bloodjournal Blood 2.1 The Blood (aka com.sheridan.ash) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7542 | Staperpetua | Cryptographic Issues vulnerability in Staperpetua L'Informatiu 2 The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7539 | Zhang Zhijun Taiwan Visit 2014 06 25 Project | Cryptographic Issues vulnerability in Zhang Zhijun Taiwan Visit 2014-06-25 Project Zhang Zhijun Taiwan Visit 2014-06-25 1.0 The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7538 | Headlines News India Project | Cryptographic Issues vulnerability in Headlines News India Project Headlines News India 0.21.13219.95110 The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application 0.21.13219.95110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7536 | Serviceacademyforums | Cryptographic Issues vulnerability in Serviceacademyforums Service Academy Forums 3.6.12 The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application 3.6.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7535 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Classic Racer @7F0801Aa The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7534 | Buydot | Cryptographic Issues vulnerability in Buydot Funny & Interesting Things 0.1 The Funny & Interesting Things (aka com.wFunnyandInterestingThings) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7533 | Notredame | Cryptographic Issues vulnerability in Notredame Seguradora 1.2 The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7532 | Greenecosystem | Cryptographic Issues vulnerability in Greenecosystem GES Agri Connect 0.1 The GES Agri Connect (aka com.wAgriConnect) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7530 | Myapp | Cryptographic Issues vulnerability in Myapp Prix Import 1 The PRIX IMPORT (aka com.myapphone.android.myapppriximport) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7529 | Streamingidiot | Cryptographic Issues vulnerability in Streamingidiot Bodyguard for Hire 0.18.13146.42280 The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7528 | Apptive | Cryptographic Issues vulnerability in Apptive Horsepower 2.10.11 The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7527 | Savage Nation Mobile WEB Project | Cryptographic Issues vulnerability in Savage Nation Mobile web Project Savage Nation Mobile web 0.57.13354.63350 The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57.13354.63350 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7526 | Immunize | Cryptographic Issues vulnerability in Immunize Canada 1.0.1 The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7525 | Okacloud | Cryptographic Issues vulnerability in Okacloud Domain Name Search & web Host 0.64.13398.55733 The Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7524 | BED AND Breakfast Project | Cryptographic Issues vulnerability in BED and Breakfast Project BED and Breakfast 0.1 The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7523 | Islamicode | Cryptographic Issues vulnerability in Islamicode Radio Bethlehem Rb2000 1 The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7522 | Maccabi4U | Cryptographic Issues vulnerability in Maccabi4U Maccabi Pakal 1.2 The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7521 | Mobiloapps | Cryptographic Issues vulnerability in Mobiloapps Anderson Musaamil 1.4 The Anderson Musaamil (aka com.app_andersonmusaamil.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7520 | Nova921 | Cryptographic Issues vulnerability in Nova921 Nova 92.1 FM 1 The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7519 | Cyclingforfun | Cryptographic Issues vulnerability in Cyclingforfun Cycling Manager Game CFF 1 The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7518 | Core Apps | Cryptographic Issues vulnerability in Core-Apps Bowl Expo 2014 6.1.1.5 The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application 6.1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7517 | Myanmar Movies HD Project | Cryptographic Issues vulnerability in Myanmar Movies HD Project Myanmar Movies HD 0.1 The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7516 | Canadapps | Cryptographic Issues vulnerability in Canadapps Central East Lhin News 0.1 The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7515 | Onesolutionapps | Cryptographic Issues vulnerability in Onesolutionapps Bail Bonds 1.1 The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7513 | Appbelle | Cryptographic Issues vulnerability in Appbelle TOP Hangover Cures 1.2 The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7510 | Present Technologies | Cryptographic Issues vulnerability in Present-Technologies Graffit IT 1.1.2 The Graffit It (aka com.presenttechnologies.graffitit) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7509 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity A Very Short History of Japan 3.0.2 The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7508 | Childrens | Cryptographic Issues vulnerability in Childrens Help for DOC 1 The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7507 | Androidcommunity | Cryptographic Issues vulnerability in Androidcommunity Hector Leal 13.08.14 The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7506 | Imapp | Cryptographic Issues vulnerability in Imapp Realtime Music Rank 5.5 The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7505 | Apptalk Project | Cryptographic Issues vulnerability in Apptalk Project Apptalk 1.4.8 The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7502 | Escucha Eldiario Project | Cryptographic Issues vulnerability in Escucha Eldiario Project Escucha Eldiario 1.2.3 The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7501 | Translation Widget Project | Cryptographic Issues vulnerability in Translation Widget Project Translation Widget 0.1 The Translation Widget (aka com.wTranslationGadget) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7499 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity Sword 3.0.2 The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7498 | Xaos | Cryptographic Issues vulnerability in Xaos Space Cinema 2.0.6 The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7497 | Portfolium Project | Cryptographic Issues vulnerability in Portfolium Project Portfolium 0.1 The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7495 | Logosquest Beginnings Project | Cryptographic Issues vulnerability in Logosquest - Beginnings Project Logosquest - Beginnings 1.0 The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7494 | Getscoop | Cryptographic Issues vulnerability in Getscoop Kontan Kiosk @7F07025E The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application @7F07025E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7493 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity 100 Books 3.0.2 The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7492 | Tejonstore | Cryptographic Issues vulnerability in Tejonstore Secretos DE Belleza 1 The Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7491 | Ireadercity | Cryptographic Issues vulnerability in Ireadercity Short Stories 3.0.2 The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7490 | Magzter | Cryptographic Issues vulnerability in Magzter Menaka - Marathi 3 The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7488 | Highlighterstudio | Cryptographic Issues vulnerability in Highlighterstudio Vineyard ALL in 0.1 The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7487 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags ADT Aesthetic Dentistry Today @7F080181 The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7486 | Mitsubishicars | Cryptographic Issues vulnerability in Mitsubishicars Mitsubishi Road Assist 1 The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7485 | Tinytap | Cryptographic Issues vulnerability in Tinytap NOT Lost Just Somewhere Else 1.6.1 The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-20 | CVE-2014-7484 | Enyetech | Cryptographic Issues vulnerability in Enyetech Coca-Cola FM Guatemala 2.0.41725 The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-10-26 | CVE-2013-6796 | Deeproot Linux | Permissions, Privileges, and Access Controls vulnerability in Deeproot Linux Deepofix The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | 5.0 |
2014-10-26 | CVE-2014-6099 | IBM | Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2/5.2.4 The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | 5.0 |
2014-10-25 | CVE-2014-4624 | Avamar Virtual Edition | Permissions, Privileges, and Access Controls vulnerability in Avamar Virtual Edition products EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. | 5.0 |
2014-10-25 | CVE-2014-8760 | Process ONE | Cryptographic Issues vulnerability in Process-One Ejabberd ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. | 5.0 |
2014-10-23 | CVE-2014-4766 | IBM | Information Exposure vulnerability in IBM Classic Meeting Server IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | 5.0 |
2014-10-22 | CVE-2014-8764 | Mageia Project Dokuwiki | Improper Authentication vulnerability in multiple products DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. | 5.0 |
2014-10-22 | CVE-2014-8763 | Dokuwiki Mageia Project | Improper Authentication vulnerability in multiple products DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | 5.0 |
2014-10-22 | CVE-2014-8762 | Dokuwiki | Information Exposure vulnerability in Dokuwiki The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | 5.0 |
2014-10-22 | CVE-2014-8761 | Dokuwiki | Information Exposure vulnerability in Dokuwiki inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. | 5.0 |
2014-10-22 | CVE-2014-8088 | Zend | Improper Authentication vulnerability in Zend Framework The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. | 5.0 |
2014-10-22 | CVE-2014-7968 | Redhat | Cryptographic Issues vulnerability in Redhat Virtual Desktop Service Manager VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | 5.0 |
2014-10-22 | CVE-2014-6387 | Mantisbt | Improper Authentication vulnerability in Mantisbt gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. | 5.0 |
2014-10-22 | CVE-2014-3675 | Redhat | Out-Of-Bounds Read vulnerability in Redhat Shim Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. | 5.0 |
2014-10-21 | CVE-2014-4577 | Websupporter | Path Traversal vulnerability in Websupporter WP Amasin - the Amazon Affiliate Shop 0.9.6 Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. | 5.0 |
2014-10-21 | CVE-2012-5243 | Bananadance | Permissions, Privileges, and Access Controls vulnerability in Bananadance Banana Dance 0.9/1.5 functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | 5.0 |
2014-10-20 | CVE-2012-5696 | Bulbsecurity | Permissions, Privileges, and Access Controls vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2 Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request. | 5.0 |
2014-10-20 | CVE-2014-5094 | Status2K | Information Exposure vulnerability in Status2K Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | 5.0 |
2014-10-20 | CVE-2014-6308 | Osclass | Path Traversal vulnerability in Osclass Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-10-24 | CVE-2014-7298 | Centrify | Permissions, Privileges, and Access Controls vulnerability in Centrify Suite and Directcontrol adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality. | 4.9 |
2014-10-26 | CVE-2014-5148 | XEN | Buffer Errors vulnerability in XEN 4.4.0/4.4.1 Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process. | 4.6 |
2014-10-25 | CVE-2014-1928 | Python Gnupg Project | Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5 The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. | 4.6 |
2014-10-25 | CVE-2014-7180 | Electric Cloud | Permissions, Privileges, and Access Controls vulnerability in Electric Cloud Electriccommander Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files. | 4.6 |
2014-10-20 | CVE-2012-5697 | Bulbsecurity | Permissions, Privileges, and Access Controls vulnerability in Bulbsecurity Smartphone Pentest Framework 0.1.2 The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files. | 4.6 |
2014-10-25 | CVE-2014-1929 | Python Gnupg Project | Improper Input Validation vulnerability in Python-Gnupg Project Python-Gnupg 0.3.5/0.3.6 python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | 4.4 |
2014-10-26 | CVE-2014-6635 | Exponentcms | Cross-Site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php. | 4.3 |
2014-10-25 | CVE-2013-4594 | Payment FOR Webform Project | Improper Authentication vulnerability in Payment FOR Webform Project Payment FOR Webform The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | 4.3 |
2014-10-25 | CVE-2014-6611 | Blackberry | Improper Input Validation vulnerability in Blackberry OS and Blackberry World The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. | 4.3 |
2014-10-25 | CVE-2014-4623 | EMC | Cryptographic Issues vulnerability in EMC Avamar EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | 4.3 |
2014-10-23 | CVE-2014-8071 | Openmrs | Cross-Site Scripting vulnerability in Openmrs 2.1 Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page. | 4.3 |
2014-10-22 | CVE-2014-8381 | Megapolis | Cross-Site Scripting vulnerability in Megapolis Megapolis.Portal Manager Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter. | 4.3 |
2014-10-22 | CVE-2014-7183 | Litecart | Cross-Site Scripting vulnerability in Litecart Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING. | 4.3 |
2014-10-21 | CVE-2014-8380 | Splunk | Cross-Site Scripting vulnerability in Splunk 6.1.1 Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. | 4.3 |
2014-10-21 | CVE-2014-8377 | Webasyst | Cross-Site Scripting vulnerability in Webasyst Shop-Script 5.2.2.30933 Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/. | 4.3 |
2014-10-21 | CVE-2014-7280 | Tenable | Cross-Site Scripting vulnerability in Tenable web UI 2.3.3 Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. | 4.3 |
2014-10-21 | CVE-2014-4517 | CBI Referral Manager Project | Cross-Site Scripting vulnerability in CBI Referral Manager Project CBI Referral Manager 1.2.1 Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter. | 4.3 |
2014-10-21 | CVE-2014-4514 | Alipay Project | Cross-Site Scripting vulnerability in Alipay Project Alipay 3.6.0 Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | 4.3 |
2014-10-21 | CVE-2012-5702 | Dotproject | Cross-Site Scripting vulnerability in Dotproject 2.1.6 Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. | 4.3 |
2014-10-20 | CVE-2014-8365 | Xornic | Cross-Site Scripting vulnerability in Xornic Contact US 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable. | 4.3 |
2014-10-20 | CVE-2014-3863 | J Extensions Store | Cross-Site Scripting vulnerability in J!Extensions Store Jchatsocial 2.2 Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window. | 4.3 |
2014-10-20 | CVE-2014-8364 | TIM Rohrer | Cross-Site Scripting vulnerability in TIM Rohrer Wordpress Spreadsheet Plugin 0.62 Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter. | 4.3 |
2014-10-20 | CVE-2014-3830 | Tomatocart | Cross-Site Scripting vulnerability in Tomatocart 1.1.8.6.1 Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. | 4.3 |
2014-10-20 | CVE-2014-5098 | Jamroom | Cross-Site Scripting vulnerability in Jamroom Search Module Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/. | 4.3 |
2014-10-20 | CVE-2012-5866 | Achievo | Cross-Site Scripting vulnerability in Achievo 1.4.5 Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | 4.3 |
2014-10-20 | CVE-2014-6280 | Osclass | Cross-Site Scripting vulnerability in Osclass Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php. | 4.3 |
2014-10-20 | CVE-2012-2413 | Joomla | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | 4.3 |
2014-10-23 | CVE-2014-8072 | Openmrs | Permissions, Privileges, and Access Controls vulnerability in Openmrs 2.1 The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. | 4.0 |
21 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-10-25 | CVE-2014-0476 | Chkrootkit Canonical | Improper Input Validation vulnerability in multiple products The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. | 3.7 |
2014-10-25 | CVE-2014-6152 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Integrated Portal 2.1/2.2 Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-10-25 | CVE-2014-6151 | IBM | Improper Input Validation vulnerability in IBM Tivoli Integrated Portal 2.1/2.2 CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 3.5 |
2014-10-25 | CVE-2014-2021 | Vbulletin | Cross-Site Scripting vulnerability in Vbulletin Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. | 3.5 |
2014-10-21 | CVE-2014-3111 | Fogproject | Cross-Site Scripting vulnerability in Fogproject FOG Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page. | 3.5 |
2014-10-21 | CVE-2014-8379 | Marketo MA Project | Cross-Site Scripting vulnerability in Marketo MA Project Marketo MA 7.X1.3 Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules. | 3.5 |
2014-10-21 | CVE-2014-8378 | Tablefield Project | Cross-Site Scripting vulnerability in Tablefield Project Tablefield 7.X2.0/7.X2.1/7.X2.2 Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form. | 3.5 |
2014-10-21 | CVE-2014-8376 | Site Banner Project | Cross-Site Scripting vulnerability in Site Banner Project Site Banner 7.X4.0 Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings. | 3.5 |
2014-10-20 | CVE-2014-5169 | Date Project | Cross-Site Scripting vulnerability in Date Project Date 7.X2.7 Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title. | 3.5 |
2014-10-20 | CVE-2014-5026 | Debian Cacti Opensuse | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. | 3.5 |
2014-10-20 | CVE-2014-5025 | Debian Opensuse Cacti | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. | 3.5 |
2014-10-20 | CVE-2014-8330 | Espocrm | Cross-Site Scripting vulnerability in Espocrm Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account. | 3.5 |
2014-10-20 | CVE-2014-5276 | PRO Chat Rooms | Cross-Site Scripting vulnerability in PRO Chat Rooms Text Chat Rooms 8.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php. | 3.5 |
2014-10-26 | CVE-2014-6133 | IBM | Information Disclosure vulnerability in IBM API Management 3.0.0.0/3.0.0.1 IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. | 2.1 |
2014-10-25 | CVE-2014-4620 | Meditech EMC | Information Exposure vulnerability in multiple products The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. | 2.1 |
2014-10-20 | CVE-2014-5449 | Zarafa | Information Exposure vulnerability in Zarafa Webaccess and Webapp Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | 2.1 |
2014-10-20 | CVE-2014-5448 | Zarafa | Information Exposure vulnerability in Zarafa 5.00 Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | 2.1 |
2014-10-20 | CVE-2014-5447 | Zarafa | Information Exposure vulnerability in Zarafa Webapp and Zarafa Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. | 2.1 |
2014-10-22 | CVE-2014-4450 | Apple | Credentials Management vulnerability in Apple Iphone OS The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | 1.9 |
2014-10-22 | CVE-2014-4448 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | 1.9 |
2014-10-26 | CVE-2014-4812 | IBM | Information Exposure vulnerability in IBM Security Appscan Source The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | 1.8 |