1753 matches found
CVE-2014-5597
CVE-2014-5597 affects the Android game “The 9 Innings: 2014 Pro Baseball” (package com.com2us.nipb2013.normal.freefull.google.global.android.common), version 4.0.3. Root cause: the app does not verify X.509 certificates when connecting to SSL servers, enabling potential MITM attackers to spoof th...
CVE-2014-5611
The eBay Kleinanzeigen for Germany aka com.ebay.kleinanzeigen application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Passera - Tool to generate strong unique passwords for each website
A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app. Passera turns any entered text into a strong password up to 6...
CVE-2014-3902
The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
Overview JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Akihisa Ishida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allo...
050 plus for Android information management vulnerability
Overview 050 plus for Android contains an information management vulnerability. 050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product t...
Faceless: Account hijacking possible through ADB backup feature
It was found that if an attacker had access to an unlocked phone, they could take any data from the application's sandbox through ADB's backup feature. Normally ADB backup allows applications to be backed up to the cloud. This means that if a user replaces or wipes their phone, they can restore a...
CVE-2014-2992
The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-2992
The Misli.com Android app is affected by CVE-2014-2992: it does not verify X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and obtain sensitive information via a crafted certificate. This is a certificate validation weakness in the app’s SSL/TLS handling. The NVD ent...
CVE-2014-1976
The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Demaecan for Android. contains an issue where it fails to verify SSL server certificates
Overview Demaecan for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
CVE-2014-1885
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain...
CVE-2014-1887
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...
Code injection
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."...
Denny's App for Android. contains an issue where it fails to verify SSL server certificates
Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
Android app that notifies you whenever GPS enabled apps access your location
A team of Researchers at Rutgers University has developed an Android application which will notify you every time, whenever an app installed on your Smartphone accesses the GPS functionality. Smartphone is a multipurpose device, having features of both a mobile phone and a computer, allowing us t...
Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master
None...
'Dark Mail Alliance', Future of surveillance proof email technology
Yesterday I learned about 'Dark Mail Alliance', where Lavabit, reportedly an email provider for NSA leaker Edward Snowden and Silent Circle comes together to create a surveillance-proof email technology. Ladar Levison at Lavabit and Silent Circle CEO Mike Janke, Founders of two e-mail services th...
Two Instagram Android App Security Vulnerabilities
Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...
Anonymous Search engine 'DuckDuckGo' Android app offers Tor integration
The world of mobile search is about to get a bit more anonymous. Thanks to the fears over government surveillance and corporate tracking, Anonymous Search Engine DuckDuckGo continues to break its own search records. DuckDuckGo Search & Stories - Android app deliver the same functionality as...