CVE-2014-6905

The H2O Human Harmony Organization aka com.netpia.ha.theh2o application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The New Beginnings CFC aka com.goodbarber.nbcfc application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6763

The Codename Birdgame aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6736

The EPL Hat Trick aka com.hat.trick.goal application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5994

The ding ezetop. Top-up Any Phone aka com.ezetop.world application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The TIO MobilePay - Bill Payments aka com.tionetworks.mobile.android.tioclient application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Mark's Daily Apple Forum aka com.tapatalk.marksdailyapplecomforum application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5968

The iGolf - Golf GPS aka com.igolf application 20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5957

The Alien War Survivors aka com.ly.a13.gp application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The Free App Icons & Icon Packs aka com.jellytap.cooliconfinder application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5762

The Cut the Rope: Time Travel aka com.zeptolab.timetravel.free.google application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5810

The SGK Hizmet Dokumu 4a aka tr.gov.sgk.hizmetDokumu4a application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5688

The Runtastic Pedometer aka com.runtastic.android.pedometer.lite application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5554

The Fun Preschool Creativity Game aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5684

The Runtastic Running & Fitness aka com.runtastic.android application 5.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Secret: ClientId gives away platform (iOS/Android) from which a secret was posted.

In /stream API request each post contains a property named "ClientId". I suppose it's generated by client applications when user is posting a secret. It seems that iOS and Android applications generate this string quite differently: xLfLHR six random characters — iOS...

CVE-2014-2001

The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate...

JVN#07677464: 050 plus for Android information management vulnerability

050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product to a system log file on the device. Impact Android applications with permissions ...

CVE-2014-0357

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...

Design/Logic Flaw

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...