4 matches found
CVE-2025-20615
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...
CVE-2017-9588
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Warner Bros. ellentube app for iOS authentication vulnerability
Warner Bros. ellentube app for iOS is an iOS-based video playback app from Warner Bros. An authentication vulnerability exists in versions 3.1.1 through 3.1.3 of the Warner Bros. ellentube app for iOS, which stems from the program's failure to validate an X.509 certificate on the server side of a...
CVE-2017-8939
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...