Lucene search
K

1753 matches found

CVE
CVE
added 2014/09/09 1:0 a.m.40 views

CVE-2014-5597

CVE-2014-5597 affects the Android game “The 9 Innings: 2014 Pro Baseball” (package com.com2us.nipb2013.normal.freefull.google.global.android.common), version 4.0.3. Root cause: the app does not verify X.509 certificates when connecting to SSL servers, enabling potential MITM attackers to spoof th...

5.4CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/09 1:0 a.m.24 views

CVE-2014-5611

The eBay Kleinanzeigen for Germany aka com.ebay.kleinanzeigen application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00271EPSS
Exploits0References3
Kitploit
Kitploit
added 2014/08/20 1:5 a.m.12 views

Passera - Tool to generate strong unique passwords for each website

A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app. Passera turns any entered text into a strong password up to 6...

7AI score
Exploits0References1
Cvelist
Cvelist
added 2014/08/15 10:0 a.m.18 views

CVE-2014-3902

The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.8AI score0.00819EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/18 5:57 a.m.1 views

JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates

Overview JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Akihisa Ishida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allo...

5.8CVSS6.5AI score0.00582EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/17 5:50 a.m.2 views

050 plus for Android information management vulnerability

Overview 050 plus for Android contains an information management vulnerability. 050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product t...

2.6CVSS6.3AI score0.00992EPSS
Exploits0References5
Hacker One
Hacker One
added 2014/05/20 12:50 p.m.43 views

Faceless: Account hijacking possible through ADB backup feature

It was found that if an attacker had access to an unlocked phone, they could take any data from the application's sandbox through ADB's backup feature. Normally ADB backup allows applications to be backed up to the cloud. This means that if a user replaces or wipes their phone, they can restore a...

7AI score
Exploits0
NVD
NVD
added 2014/04/26 1:55 a.m.7 views

CVE-2014-2992

The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

6.4CVSS5.9AI score0.00567EPSS
Exploits0References2
CVE
CVE
added 2014/04/26 1:0 a.m.39 views

CVE-2014-2992

The Misli.com Android app is affected by CVE-2014-2992: it does not verify X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and obtain sensitive information via a crafted certificate. This is a certificate validation weakness in the app’s SSL/TLS handling. The NVD ent...

6.4CVSS6AI score0.00567EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2014/03/18 5:18 a.m.18 views

CVE-2014-1976

The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.8CVSS5.8AI score0.00587EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/03/17 4:43 a.m.4 views

Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Overview Demaecan for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...

5.8CVSS6.5AI score0.00587EPSS
Exploits1References5
NVD
NVD
added 2014/03/03 4:50 a.m.23 views

CVE-2014-1885

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain...

6.4CVSS7.4AI score0.01565EPSS
Exploits1References3
NVD
NVD
added 2014/03/03 4:50 a.m.20 views

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...

4.3CVSS7.2AI score0.01341EPSS
Exploits2References3
Prion
Prion
added 2014/03/03 4:50 a.m.16 views

Code injection

The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."...

6.8CVSS7.9AI score0.01475EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/26 6:21 a.m.3 views

Denny's App for Android. contains an issue where it fails to verify SSL server certificates

Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...

5.8CVSS6.5AI score0.00587EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2014/02/01 12:42 a.m.62 views

Android app that notifies you whenever GPS enabled apps access your location

A team of Researchers at Rutgers University has developed an Android application which will notify you every time, whenever an app installed on your Smartphone accesses the GPS functionality. Smartphone is a multipurpose device, having features of both a mobile phone and a computer, allowing us t...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2013/12/11 5:56 a.m.13 views

Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master

None...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/10/31 9:42 a.m.14 views

'Dark Mail Alliance', Future of surveillance proof email technology

Yesterday I learned about 'Dark Mail Alliance', where Lavabit, reportedly an email provider for NSA leaker Edward Snowden and Silent Circle comes together to create a surveillance-proof email technology. Ladar Levison at Lavabit and Silent Circle CEO Mike Janke, Founders of two e-mail services th...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.63 views

Two Instagram Android App Security Vulnerabilities

Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...

Exploits0
The Hacker News
The Hacker News
added 2013/10/03 3:37 p.m.9 views

Anonymous Search engine 'DuckDuckGo' Android app offers Tor integration

The world of mobile search is about to get a bit more anonymous. Thanks to the fears over government surveillance and corporate tracking, Anonymous Search Engine DuckDuckGo continues to break its own search records. DuckDuckGo Search & Stories - Android app deliver the same functionality as...

6.7AI score
Exploits0
Rows per page
Query Builder