265 matches found
The vulnerability of the Apache ActiveMQ messaging broker, related to the lack of TLS hostname verification, allows attackers to gain unauthorized access to protected data.
The vulnerability of the Apache ActiveMQ messaging broker is related to the absence of hostname verification for TLS. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected data...
CVE-2017-8177
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking...
UBUNTU-CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-14582
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate...
CompuLab Intense PC Input Validation Vulnerability
The CompuLab Intense PC is a miniature PC device from CompuLab Israel. A security vulnerability exists in CompuLab Intense PCs using firmware version cr2.2.0.400.2, which stems from a failure of the Phoenix SecureCore UEFI firmware to perform capsule signature verification. An attacker can exploi...
CVE-2017-9588
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9559
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9564
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-9573
The North Adams State Bank Ursa nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-8942
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
PT-2017-17116 · Bittorrent +1 · Qbittorrent +1
Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 3.3.11 qBittorrent versions prior to the version released in October 2024 Description: The issue concerns a lack of proper escaping of values in the WebUI, potentially leading to XSS attacks. Additionally, there...
DMM.com Securities FX Apps for Android fail to verify SSL server certificates
Overview Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
CVE-2014-7744
The Musulmanin.com aka com.wSalyafiyailimurdjiya application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7760
The Health assistance service aka net.nttcloud.ft.karada application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7741
The Healing Bookstore aka com.wHealingBookstore application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7726
The Golosinas Simpson1 aka com.wGolosinasSimpson1 application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7767
The A+ aka cn.xrzcm application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7739
The Anahi A Adopter FR aka com.wAnahiAAdopterFR application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7745
The Flight Manager aka com.flightmanager.view application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7698
The Xinhua International aka org.xinhua.xnewsinternational application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...