1080 matches found
Design/Logic Flaw
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
Design/Logic Flaw
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
Design/Logic Flaw
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
Design/Logic Flaw
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5632
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5636
CVE-2015-5636 affects Newphoria Reversi on Android up to version 1.0.2 and iOS up to 1.1 (the advisory cites Android 1.0.3 and iOS 1.2 as non-vulnerable). The issue is a bypass of the URL whitelist protection, allowing an attacker to obtain API access via unspecified vectors by abusing the app’s ...
CVE-2015-5634
CVE-2015-5634 affects Newphoria MEGAPHONE MUSIC (Android and iOS). The MEGAPHONE MUSIC app (Android/iOS) before version 1.1 is vulnerable to a URL-whitelist bypass via the app’s URL scheme, enabling loading of arbitrary pages. JVN/JVNDB entries specify impact: Android may allow an API deemed in t...
CVE-2015-5637
The CVE-2015-5637 entry concerns the Android Photon application by Newphoria. Affected software: Photon for Android prior to version 1.2. The root cause is a bypass of the URL whitelist protection, enabling attackers to obtain API access via unspecified vectors. Documented impact indicates that a...
CVE-2015-5632
The Newphoria applican framework vulnerability (Android versions prior to 1.12.3; iOS prior to 1.12.2) is a URL whitelist bypass in the runtime engine. When an app is launched via the URL-scheme, the whitelist.xml protection can be bypassed and non‑whitelisted URLs may be accessed, enabling an AP...
CVE-2015-5632
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5633
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5634
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5635
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5636
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5635
The CVE-2015-5635 entries describe a vulnerability in Newphoria Koritore for Android and iOS prior to version 1.1 where the app can bypass the URL whitelist protection and gain API access. Affected products are Koritore for Android versions 1.0 and earlier and Koritore for iOS versions 1.0 and ea...
CVE-2015-5637
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
Code injection
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5629
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5629
The CVE pertains to the NTT Broadband Platform Japan Connected-free Wi‑Fi application (Android up to 1.6.0 and iOS up to 1.0.2). Multiple connected sources confirm a vulnerability that allows bypassing the URL whitelist protection and may enable arbitrary API execution or loading of arbitrary pag...
CVE-2015-5629
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...