183 matches found
CVE-2017-13100
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13100 DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13102 Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption
Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13104
CVE-2017-13104 affects UberEATS: Uber for Food Delivery (iOS) version 1.108.10001; vulnerability stems from a hard-coded encryption key used by the app, enabling data stored with that key to be decrypted by anyone who has the key. Public CVSS metrics in the record show total base score 7.5 (HIGH)...
CVE-2017-13104 Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application For iOS
This is a Swift version of the original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swift 4 and Ruby. iGoat Objective C was presented at: OWASP TOP 10 Mobile Reverse Engineering Runtime Analysis Data...
Reverb.com: Full account takeover
Hello Team, I got a security issue in reverb ios application which allows an attacker to hack all users' accounts. Since iOS application is not in the scope but still I am reporting this, because this vulnerability may compromise all users' accounts. Please resolve this quickly. Description: Reverb ios...
Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics Vulnerability
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site Adobe Marketing Cloud. Apple Support iOS...
How to obtain expiration date of the "Distribution Provisioning Profile (.MOBILEPROVISION)" file of an iOS (.iPA) application
What is the "Distribution Provisioning Profile .MOBILEPROVISION" File used by Apple Xcode, a software development IDE often used for creating iPhone apps; contains a provisioning profile, which allows an app to be uploaded to a limited number of iPhones or iPads while it is still in development. Yo...
First Security Bank Sleepy Eye Mobile for iOS Information Disclosure Vulnerability
First Security Bank Sleepy Eye Mobile for iOS is an iOS-based mobile banking application from First Security Bank in the United States. The program features quick access to manage bank accounts, manage balances, pay bills and send money. A security vulnerability exists in version 3.0.0 of First...
CVE-2017-9568
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Quest Information Systems Indiana Voters app for iOS Authentication Vulnerability
Quest Information Systems Indiana Voters app for iOS is an Indiana voter registration mobile app for iOS developed by Quest Information Systems, Inc. An authentication vulnerability exists in version 1.1.24 of the Quest Information Systems Indiana Voters app for iOS, which stems from the program'...
CVE-2017-8938
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-5909
The Electronic Funds Source EFS Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Default credentials
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application...
Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability
Document Title: Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2034; Release Date: 2017-02-23; Vulnerability Laboratory ID (VL-ID):...
Brave Software: [iOS] URI Obfuscation in iOS application
Summary: you must trick someone into viewing a website they did not want to view by tempting them with something they are familiar with. Products affected: Brave iOS application https://itunes.apple.com/in/app/brave-web-browser/id1052879175?mt=8 this application is vulnerable to the URI obfuscati...
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability
Document Title: Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1852; Release Date: 2016-05-24; Vulnerability Laboratory ID (VL-ID): 18...
C And C++ For OS Filter Bypass / Script Insertion
Document Title: C & C++ for OS - Filter Bypass & Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1825; Release Date: 2016-04-14; Vulnerability Laboratory ID (VL-ID):...
New Relic: Sensitive information contained with New Relic APM iOS application
An issue was reported to us against the New Relic APM iOS app. Specifically, the issue was that the release version of the application contained some sensitive information, including internal email addresses and API keys. Versions newer than 3.20.3 released Aug 28, 2015 no longer contain this...