Design/Logic Flaw
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors...
CVE-2023-47393
CVE-2023-47393 describes an access control flaw in the Mercedes me iOS app (versions 1.34.0 and below) that could let an attacker view other users’ maintenance orders and access sensitive user data via unspecified vectors. The NVD entry rates it at CVSS v3.1 base score 5.3 (Medium) with network a...
PT-2023-30440 · Mercedes · Mercedes Me Ios App
Name of the Vulnerable Software and Affected Versions: Mercedes me IOS APP versions 1.34.0 and below Description: The issue allows attackers to view the carts of other users by sending a crafted add order request, exploiting an access control problem. Recommendations: For Mercedes me IOS APP...
CVE-2023-47392
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...
CVE-2023-3615
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...
CVE-2023-3615 Lack of server certificate validation in websockets connection
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...
PT-2023-25456 · Mattermost · Mattermost Ios App
Name of the Vulnerable Software and Affected Versions: Mattermost iOS app affected versions not specified Description: The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection...
Zip And RAR FileExtractor 5.7 Cross Site Scripting
Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS Vendor Homepage: Penghui Zhao Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en Date: 2023-06-20 Exploit Author: tmrswrr Category: iOS app Version: v5.7 Tested on: Windows/Linux Description: Go to Wi-F...
CVE-2023-29501
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...
UBUNTU-CVE-2023-28999
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...
Nextcloud Security Vulnerability
Nextcloud is an open-source, self-hosted file synchronization and sharing platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from allowing a malicious server to gain access to E2EE folders. Affected products and version...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App
Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1 Description: The issue concerns Insecure App Transport Security ATS Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...
CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...
CVE-2022-37193
Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...
CVE-2022-29482
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...
CVE-2021-41994
The CVE-2021-41994 entry concerns PingID: an RSA misconfiguration in the PingID iOS app prior to 1.19. This flaw enables pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. Affected component: PingID iOS app (pre-1.19); root cause: RSA misconfigurati...
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation...
Rcdevs OpenOtp Ios Mobile Application Security Vulnerability
Rcdevs OpenOtp Ios Mobile Application is a mobile authentication solution from Rcdevs Luxembourg. A security vulnerability exists in Rcdevs OpenOtp Ios Mobile Application 1.4.13 and 1.4.14, which can be exploited by an attacker to retrieve the PIN code used to access the application...
JVN#10168753: SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
SNKRDUNK Market Place App for iOS provided by SODA, Inc. is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on and/or alter the communication. Solution: Update the application. Update the application to the latest...