Lucene search
K

78 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/24 12:0 a.m.170 views

JVN#57806517: Android App "Tootdon for Mastodon" fails to verify SSL server certificates

Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter a content of communication. Solution Update the Application Update to the latest version according to the...

7.4CVSS7.1AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/12 12:0 a.m.131 views

JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
ThreatPost
ThreatPost
added 2019/02/14 12:30 p.m.125 views

Critical OkCupid Flaw Exposed Daters to App Takeovers

A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...

6.8AI score
Exploits0References10
Prion
Prion
added 2018/12/12 4:29 p.m.16 views

Cross site request forgery (csrf)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could explo...

6.8CVSS8.3AI score0.01186EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/06 12:0 a.m.490 views

JVN#77409513: DHC Online Shop App for Android fails to verify SSL server certificates

DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provid...

7.4CVSS7.2AI score0.00607EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/11 12:0 a.m.64 views

JVN#83671755: KINEPASS App fails to verify SSL server certificates

KINEPASS App provided by T・JOY CO.,LTD fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the developer...

5.9CVSS5.3AI score0.00873EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 6:8 a.m.1 views

RBB SPEED TEST App fails to verify SSL server certificates

Overview RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...

5.9CVSS6.5AI score0.00632EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/01 12:0 a.m.30 views

JVN#82619692: Access CX App fails to verify SSL server certificates

Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/24 12:0 a.m.31 views

JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates

Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/02/04 12:0 a.m.20 views

Apple iOS v9.x - Application Update Loop Pass Code Bypass

Document Title: =============== Apple iOS v9.x - Application Update Loop Pass Code Bypass References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1711 View Video: https://www.youtube.com/watch?v=V-9lE1L3nq0 Apple Follow-up ID: 631627909 Advisory:...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/02/04 12:0 a.m.15 views

Apple iOS v9.x - Application Update Loop Pass Code Bypass

Document Title: =============== Apple iOS v9.x - Application Update Loop Pass Code Bypass References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1711 View Video: https://www.youtube.com/watch?v=V-9lE1L3nq0 Apple Follow-up ID: 631627909 Advisory:...

0.3AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/02/04 12:0 a.m.35 views

Apple iOS v9.x - Application Update Loop Pass Code Bypass

Document Title: =============== Apple iOS v9.x - Application Update Loop Pass Code Bypass References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1710 Apple Follow-up ID: 631627909 Video: http://www.vulnerability-lab.com/getcontent.php?id=1711 Vulnerability...

0.3AI score
Exploits0
0day.today
0day.today
added 2013/09/25 12:0 a.m.50 views

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

Exploit for hardware platform in category web applications The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: alert'XSS Here'...

4.3CVSS0.4AI score0.02418EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2013/01/28 11:10 p.m.51 views

Critical: Red Hat Security Advisory: rubygem-activesupport security update

An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS7.5AI score0.98582EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2011/05/31 12:0 a.m.3 views

PT-2011-05: Cross-Site Scripting in Koha Library Software

Koha Library Software – library automation system. Vulnerability Description Positive Research Center detects XSS in Koha Library Software. Application insufficiently verifies incoming data from users in the following scripts: opac-downloadcart.pl opac-addbybiblionumber.pl opac-downloadshelf.pl...

6.8AI score
Exploits0References3
OpenVAS
OpenVAS
added 2009/02/13 12:0 a.m.26 views

Fedora Update for Miro FEDORA-2008-11598

Check for the Version of Miro OpenVAS Vulnerability Test Fedora Update for Miro FEDORA-2008-11598 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

10CVSS0.8AI score0.03201EPSS
Exploits0References2
CERT
CERT
added 2005/02/21 12:0 a.m.31 views

WinAmp contains a flaw in metadata handling in .mpa and .mp4 files

Overview WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files. Description Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata called "tags" contained within .mpa and .mp4 files...

7AI score
Exploits0References2
CERT
CERT
added 2003/03/26 12:0 a.m.17 views

BEA WebLogic Server fails to discard cached authentication information when web applications are updated

Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...

6.8AI score
Exploits0References2
Rows per page
Query Builder